On 2012-12-05 16:44, Julien Gribonvald wrote:
> My needs are for the addressbook feature using an LDAP, we would like to do dynamic filters depending on users' attributes obtained at the connection with an LDAP request.
Are you saying that you need, for example, a filter of:
    (&(objectclass=inetorgperson)(location=$branch_office_1))
for somebody that logs in that has an LDAP attribute 'location' set to '$branch_office_1', or something along similar lines?
You may want to consider something along the lines of (OpenLDAP slapd.conf syntax):
    access to dn.subtree="ou=people,dc=example,dc=org"
        by set.exact="this/location & user/location" read
        by * none
which reads as follows:
Read, search, compare, auth and disclose access is granted to entries in the OU=People sub-tree, for which the 'location' attribute value on the entry searched/found is equal to the 'location' attribute value for the user that bound to LDAP.
This way, there's no need to modify code, and it'll work for other LDAP clients as well.
Kind regards,
Jeroen van Meeuwen
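
A simplified Python model of how the set ACL suggested above decides access, added here as an illustration; it is not part of the original message and is not OpenLDAP code. The directory entries and helper names are constructed, and comparing values as exact strings is an assumption of the model.

```python
# Constructed sample data: DNs and 'location' values are made up for illustration.
SUBTREE = "ou=people,dc=example,dc=org"

DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": {"location": ["Zurich"]},
    "uid=bob,ou=people,dc=example,dc=org": {"location": ["Zurich", "Bern"]},
    "uid=carol,ou=people,dc=example,dc=org": {"location": ["Bern"]},
    "uid=dave,ou=people,dc=example,dc=org": {},  # no 'location' attribute
    "cn=printer,ou=devices,dc=example,dc=org": {"location": ["Zurich"]},
}


def attr_set(dn, attr):
    """Values of attr on entry dn; empty for an anonymous bind or a missing attribute."""
    if dn is None:
        return set()
    return set(DIRECTORY.get(dn, {}).get(attr, []))


def in_subtree(dn, base):
    """True if dn is the base entry or lies below it (dn.subtree scope)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def can_read(bound_dn, target_dn):
    """Model of: by set.exact="this/location & user/location" read, then by * none."""
    if not in_subtree(target_dn, SUBTREE):
        return False  # outside this rule; other ACL rules are not modelled here
    # '&' is set intersection; a non-empty result grants access (assumed exact match).
    return bool(attr_set(target_dn, "location") & attr_set(bound_dn, "location"))


def visible_entries(bound_dn):
    """Entries a search by bound_dn would return under this single rule."""
    return sorted(dn for dn in DIRECTORY if can_read(bound_dn, dn))


if __name__ == "__main__":
    for who in list(DIRECTORY)[:4] + [None]:
        print(who or "(anonymous)", "->", visible_entries(who))
```

In this model a user without a 'location' value, like an anonymous bind, matches nothing, including their own entry, so the rule set needs a separate clause if such users must still see themselves.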