[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: hide attribute
Emmanuel Dreyfus wrote:
>
> Many badly designed software fetch all attribute when looking up an user
> in the directory, instead of just fetching the one they are interested
> in.
>
> My user objects have jpegPhoto attribute, which get fetched with the
> whole user object. jpegPhoto are big, so this cause unnescesary load on
> the network and LDAP servers and it slows down login process on the bad
> software.
>
> Setting up ACL to deny read access to jpegPhoto is not always feasible,
> nor it is easily maintainable.
Why not a simple ACL for a group? Do the applications bind anonymously?
> A nicer approach would probably to have a hidden jpegPhoto: it would not
> be sent to a client requesting all attributes, but a client explicitely
> requesting a set of attribute including jpegPhoto would get it.
I guess you will run into problems with some apps where you do want the
jpegPhoto to be displayed.
Ciao, Michael.