
"hidden" attributes in openldap?

Hi everybody,

I hope I am sending this email to the correct mailing list, if not please excuse me.

I am trying to find a way to hide/unhide attributes on my DIT (openldap-2.4.21) and I cannot find a way to do this. What I mean by hide/unhide is that I want specific attributes to be listed with ldapsearch only if the owner of the records agrees. I did not find any feature that does this "automatically", so I tried to implement it through ACLs. I created a group called, e.g., "cn=publish mail,ou=Groups,dc=example,dc=com", where people wishing to disclose their emails are members of this group. In the ACL statement I couldn't find a way to restrict my ACL based on "conditional attributes".

Is there a way to support such a behavior (maybe through an additional overlay, or oclAccess, etc)?

If someone knows an answer, I would be delighted to know it.

Thank you all for your time in advance,


PS. I have submitted a similar question to an "ldap programmers" forum, because I thought that openldap lists don't support such questions. Nevertheless, I found analogous questions being asked on this list by googling, so I thought I should give it a try.

George Mamalakis

IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)

Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki

phone number : +30 (2310) 994379