Re: LDAP attribute masking
- From: Dxdunbar@xxxxxxxxx
- Date: 30 Jan 2007 13:16:11 -0800
On Jan 30, 1:40 pm, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
No, you can't do that. Attributes are "all or nothing" for read privileges.
It is possible to change the permissions on attributes to prevent people
from seeing certain data, but it is difficult and generally not a good idea
to do unless it is very important. Typically, it is best to avoid putting
confidential data in the directory in the first place if you can avoid it.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net
--<Dxdun...@xxxxxxxxx> wrote in message
news:1170184396.768047.322710@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello, I'm in the process of building an application where help desk
personnel will be able to query AD for a users employee id in order
verify account modification request. I do not need for them to be
able to see the entire id only the last five digits. I know i can do
it within the app but the problem i have is if they were to use
vbscript or Dsquery on there local machines to query ldap then they
would be able to see the entire id. I would like to know if there is
a way to mask an attribute in AD so that when non administrators query
AD it only returns n number of digits. Any insight will be appreciated
Thanks for your response. Do you know of encoding function i could
use to populate the attributes?
.
- Follow-Ups:
- Re: LDAP attribute masking
- From: Joe Kaplan
- Re: LDAP attribute masking
- References:
- LDAP attribute masking
- From: Dxdunbar
- Re: LDAP attribute masking
- From: Joe Kaplan
- LDAP attribute masking
- Prev by Date: Dual Monitor Problem
- Next by Date: Re: Usernames
- Previous by thread: Re: LDAP attribute masking
- Next by thread: Re: LDAP attribute masking
- Index(es):
Relevant Pages
|
