Emmanuel Dreyfus wrote:
> Michael Ströder <michael(a)stroeder.com> wrote:
>> Why not a simple ACL for a group? Do the applications bind anonymously?
> Of course it does. I said it was ill-designed :-)
>>> A nicer approach would probably be to have a hidden jpegPhoto: it would not
>>> be sent to a client requesting all attributes, but a client explicitly
>>> requesting a set of attributes including jpegPhoto would get it.
>> I guess you will run into problems with some apps where you do want the
>> jpegPhoto to be displayed.
> Fortunately, the only apps I have that use the jpegPhoto are wise enough
> to provide a set of attributes.
I think what you propose makes sense, I see few cases where it would be
definitely useful. In general, anything that gives an administrator the
possibility to tune resource exhaustion sounds welcome. I think an
overlay is the right place.
With respect to your specific problem, you should be able to do
something close to what you need by loading your jpegPhoto as
jpegPhoto;x-mustberequested, then only allow access to this attribute
and not to plain jpegPhoto.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando(a)sys-net.it
-----------------------------------