Re: LDAP attribute masking
- From: Dxdunbar@xxxxxxxxx
- Date: 2 Feb 2007 13:30:21 -0800
Thank you guys for your help.
On Jan 30, 9:32 pm, "Joe Richards [MVP]" <humorexpr...@xxxxxxxxxxx>
wrote:
Your realistic options are:
1. Use two attributes, one attribute has full id, the other has partial
and then lock down who can see full ID. As JoeK mentioned, it generally
isn't a good idea to lock down attribs in AD this way.
2. Keep the ID info in another store, SQL or ADAM, something like that
that only admins have access to.
3. Look at Active Roles Server which has the idea of virtual attributes
and extensive business rules and control. It is also costly.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Editionwww.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Dxdun...@xxxxxxxxx wrote:
Hello, I'm in the process of building an application where help desk
personnel will be able to query AD for a users employee id in order
verify account modification request. I do not need for them to be
able to see the entire id only the last five digits. I know i can do
it within the app but the problem i have is if they were to use
vbscript or Dsquery on there local machines to query ldap then they
would be able to see the entire id. I would like to know if there is
a way to mask an attribute in AD so that when non administrators query
AD it only returns n number of digits. Any insight will be appreciated
.
- Prev by Date: Re: ldifde (or csvde) won't export field "info" as unicode
- Next by Date: Re: Removing BDCs from domain
- Previous by thread: Re: Which OU user belongs to?
- Next by thread: Re: ghost user in Win2K3 AD group only visible from net group command
- Index(es):
Relevant Pages
|
