Hi everybody,
I hope I am sending this email to the correct mailing list, if not please excuse me.
I am trying to find a way to hide/unhide attributes on my DIT (openldap-2.4.21) and I cannot find a way to do this. What I mean by hide/unhide is that I want specific attributes to be listed with ldapsearch only if the owner of the records agrees. I did not find any feature that does this "automatically", so I tried to implement it through acls. I created a group called i.e. "cn=publish mail,ou=Groups,dc=example,dc=com" where people wishing to disclose their emails are members of this group. On the acl statement I couldn't find a way to restrict my acl based on "conditional attributes".
Is there a way to support such a behavior (maybe through an additional overlay, or oclAccess, etc)?
If someone knows an answer I would be delighted to know so.
Thank you all for your time in advance,
mamalos
PS. I have submitted a similar question to an "ldap programmers" forum, because I thought that openldap lists don't support such questions. Nevertheless, I found analogous questions being asked on this list by googling, so I thought I should give it a try.