Access to directory entries and attributes can be managed using Access Control Lists (ACL).
The various LDAP-compatible servers do this slightly differently, but the basic principles are the same.

Here is a nicely written doc explaining ACLs in the OpenLDAP server. It allows for a static (config file) as well as dynamic (special attribute) ACL configuration:

http://www.openldap.org/doc/admin24/access-control.html

So don't worry, access to sensitive data can be controlled.

Vladimir

--
Vladimir Dzhuvinov :: Json2Ldap & JsWorld :: http://software.dzhuvinov.com
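
A static (config file) ACL of the kind mentioned above, as an added example that is not part of the original message: a slapd.conf fragment in OpenLDAP 2.4 syntax, showing a misordered rule set beside the corrected one. The choice of userPassword as the sensitive attribute is an assumption made for illustration.

```conf
# Added example (not from the original message).
# slapd evaluates "access to" clauses in order and stops at the first
# clause whose <what> matches the entry or attribute; within that
# clause it stops at the first matching <who>. Every clause ends with
# an implicit "by * none".

# Misordered (weak): the catch-all matches first, so the userPassword
# clause below it is never reached and password values are readable
# by anyone who can read the entry.
#
#   access to *
#       by * read
#   access to attrs=userPassword
#       by self write
#       by anonymous auth
#       by * none

# Corrected: most specific clause first.
# Owners may change their own password, unauthenticated clients may
# only use the value to bind (auth), nobody else sees it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else: owners may edit their own entry, authenticated
# users may read, unauthenticated clients get auth only (needed so
# that a simple bind can still proceed).
access to *
    by self write
    by users read
    by anonymous auth
```

After loading the configuration, the effective rights can be checked per identity and attribute with slapacl, which ships with OpenLDAP.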
