Anders wrote:
We are using OpenLDAP for user authentication. Now we want to reuse
the data for internal address books. My problem is that not all
records should be shown in the address books.
Just as an example, I might want to hide all records that have
(active=FALSE). Adding the search constraint to every e-mail client
is not suitable, as the constraints will probably change over time.
I imagine having a virtual DN for address books, containing dynamic
data filtered according to my configuration. From reading the
documentation, it seems that an overlay would be the thing to use for
this, but I have been unable to find a suitable overlay. Does one
exist? Or should I approach this differently?
An interesting approach would be to
allow filters on proxy backends. I
recall proposing something like that in the past, without a serious need
pushing me to implement it. You could look at allowing a filter for
back-ldap, and AND it to all search requests.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------