Peter Gietz wrote:
> On 20.07.20 at 16:15, Olivier - wrote:
>> Thanks but that's not what I wish to do.
>> In fact, I would like to have different behaviors depending on who is querying OR what is inside the data
>> Example :
>> The record is :
>> dn: cn=Smith,ou=public,c=com
>> confidentiality: 1
>> sn: Smith
>> if mister_privilege requests "sn" on this record, it will reply
>> if mister_no_privilege requests "sn" on this record, it will reply
>> Can we do something like this ?
> Yes you can, but AFAICS such is only possible via a customized OpenLDAP overlay.

No, you can do this with the standard ACL engine, using a value-specific ACL.
The only caveat is you must also store the value "sn: xxx", and assign the
appropriate value ACL to it so that mister_no_privilege can see it.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
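
A sketch of the value-specific ACL approach described in the reply above, in slapd.conf syntax. This is an added example, not configuration posted in the thread; the DN `cn=mister_privilege,ou=people,c=com`, the choice to hide the placeholder from the privileged reader, and the catch-all final rule are assumptions made for illustration.

```conf
# Constructed sample entry: the real value and the placeholder are both
# stored as values of the same attribute.
#   dn: cn=Smith,ou=public,c=com
#   confidentiality: 1
#   sn: Smith
#   sn: xxx
#
# Assumed DN of the privileged reader: cn=mister_privilege,ou=people,c=com

# 1. Value-specific rule. Matches only the placeholder value "xxx" of sn
#    in entries flagged confidentiality=1. With val=, exactly one
#    attribute may be listed in attrs=.
access to dn.subtree="ou=public,c=com" filter="(confidentiality=1)"
        attrs=sn val.exact="xxx"
    by dn.exact="cn=mister_privilege,ou=people,c=com" none
    by * read

# 2. Every other sn value in the same entries. A value that did not match
#    rule 1 (here "Smith") is evaluated against this rule instead.
access to dn.subtree="ou=public,c=com" filter="(confidentiality=1)"
        attrs=sn
    by dn.exact="cn=mister_privilege,ou=people,c=com" read
    by * none

# 3. Placeholder catch-all so the entry and its other attributes remain
#    readable; replace with the site's real rules.
access to *
    by * read
```

Access is evaluated per value and the first matching `access to` clause wins, so the value-specific rule has to come before the general `attrs=sn` rule. Entries whose `confidentiality` is not 1 match neither of the first two rules and fall through to the last one.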