On 2012-12-05 16:44, Julien Gribonvald wrote:
My needs are for the adressbook feature using an LDAP, we would like
to do dynamic's filters depending on users attributes obtained at the
connection with a LDAP request.
Are you saying that you need, for example, a filter of:
(&(objectclass=inetorgperson)(location:$branch_office_1))
for somebody that logs in that has an LDAP attribute 'location' set to
'$branch_office_1', or something along similar lines?
You may want to consider something along the lines of (OpenLDAP
slapd.conf syntax):
access to dn.subtree="ou=people,dc=example,dc=org"
by set.exact="this/location & user/location" read
by * none
which reads as follows:
Read, search, compare, auth and disclose access is granted to entries
in the OU=People sub-tree, for which the 'location' attribute value on
the entry searched/found is equal to the 'location' attribute value for
the user that bound to LDAP.
This way, there's no need to modify code, and it'll work for other LDAP
clients as well.
Kind regards,
Jeroen van Meeuwen
--
Systems Architect, Kolab Systems AG
e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com
pgp: 9342 BF08
_______________________________________________
Roundcube Development discussion mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/dev
