Peter Gietz wrote: > > Am 20.07.20 um 16:15 schrieb Olivier -: >> Thanks but that not what I wish to do. >> In fact, I would like to have different behaviors depending on who is >> querying OR what is inside the data >> >> Example : >> >> The record is : >> dn: cn=Smith,ou=public,c=com >> confidentiality: 1 >> sn: Smith >> >> if mister_privilege request "sn" on this record , it will reply 'Smith' >> if mister_no_privilege request "sn" on this record , it will reply 'xxx' >> >> Can we do something like this ? > > Yes you can, but AFAICS such is only possible via a customized OpenLDAP > overlay.
No, you can do this with the standard ACL engine, using a value-specific ACL. The only caveat is you must also store the value "sn: xxx", and assign the appropriate value ACL to it so that mister_no_privilege can see it. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
