
ACL's - read but not search?



Hi,

I want to create a set of ACL's that will allow users to view certain attributes, but not search on those attributes. The biggest example is phone numbers. I want to allow users to look up the phone number for a person, but not look up the person for that phone number.

For a single ACL, if I permit a specific action, I also permit all actions above it also. For example, read access implies search access, and write access implies both read and search access.

http://www.openldap.org/doc/admin21/slapdconfig.html#Access%20Control

Does anyone know of a way to allow read access on an attribute, without search access on that same attribute?

Thanks,

Matt

--
Matt Richard
Access and Security Coordinator
Franklin & Marshall College
matt.richard@fandm.edu