Re: LDAP attribute masking
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 30 Jan 2007 13:40:55 -0600
No, you can't do that. Attributes are "all or nothing" for read privileges.
It is possible to change the permissions on attributes to prevent people
from seeing certain data, but it is difficult and generally not a good idea
to do unless it is very important. Typically, it is best to avoid putting
confidential data in the directory in the first place if you can avoid it.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<Dxdunbar@xxxxxxxxx> wrote in message
news:1170184396.768047.322710@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello, I'm in the process of building an application where help desk
personnel will be able to query AD for a users employee id in order
verify account modification request. I do not need for them to be
able to see the entire id only the last five digits. I know i can do
it within the app but the problem i have is if they were to use
vbscript or Dsquery on there local machines to query ldap then they
would be able to see the entire id. I would like to know if there is
a way to mask an attribute in AD so that when non administrators query
AD it only returns n number of digits. Any insight will be appreciated
.
- Follow-Ups:
- Re: LDAP attribute masking
- From: Dxdunbar
- Re: LDAP attribute masking
- References:
- LDAP attribute masking
- From: Dxdunbar
- LDAP attribute masking
- Prev by Date: Re: Domain Split After Company Sale
- Next by Date: Re: Trust relationship between this workstation and the primary do
- Previous by thread: LDAP attribute masking
- Next by thread: Re: LDAP attribute masking
- Index(es):
Relevant Pages
|
