Gary C. New writes:
> Is it possible to construct an ACL to allow/disallow a specific
> attribute from being accessed by another user based on a subsequent
> attribute in the same entry? (...)
>
> cn=sam,dc=example,dc=net
> postalAddress: 12 Sampson St
> hidePostalAddress: TRUE

Something like this:

    access to filter=(hidePostalAddress=TRUE) attrs=postalAddress
        by self write
        by <whoever can read it anyway> read

(and you could put "by * none" at the end for readability,
but that's the default anyway.)
See 'man slapd.access' in OpenLDAP 2.2.
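
An added example, not part of the original reply: a fuller slapd.conf fragment showing where the rule has to sit. slapd applies the first access directive whose <what> matches, so the filtered rule must come before any broader one. It assumes hidePostalAddress is already defined in the schema; the admin DN, the rule for the flag itself and the catch-all rule are illustrative assumptions.

```conf
# Added example (OpenLDAP 2.2 slapd.conf syntax), not from the original post.
# cn=admin,dc=example,dc=net is a hypothetical stand-in for
# "whoever can read it anyway".

# 1. Entries that set the flag: only the owner and the admin get the
#    address. Must appear before any broader rule covering postalAddress.
access to filter=(hidePostalAddress=TRUE) attrs=postalAddress
        by self write
        by dn.exact="cn=admin,dc=example,dc=net" read
        by * none

# 2. The flag itself: the owner may toggle it, nobody else may change it.
#    Without a rule like this, the catch-all below decides who can write
#    the flag, and with it who controls rule 1.
access to attrs=hidePostalAddress
        by self write
        by dn.exact="cn=admin,dc=example,dc=net" read
        by * none

# 3. Everything else, including postalAddress on entries where the flag
#    is absent or not TRUE (rule 1 does not match those entries).
access to *
        by self write
        by users read
        by * none
```

Continuation lines of an access directive must start with whitespace, otherwise slapd treats each "by" line as a new, invalid directive.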