I have some custom schema attributes that have been created in AD. These are specific to my company and are populated via our Identity management solution from feeds by our HR and SR departments. These attributes should have controlled access to allow only specifically authorized users the ability to read, i.e. everyone should not have the ability to read a vuStudentDormCode attribute. Only the authorized departments like student records should have the ability to read this attribute.
Now in our legacy system, we are using ODSEE 11G LDAP and have created ACIs to restrict access to these attributes. But given the fact that AD allows so much to be viewed by default, I need a way to restrict the access. The goal is to allow certain security groups that are tightly controlled to access these attributes. I would like to do this at the attribute level if possible. Though I am not familiar with this process, so I could be off base in wanting that method.
I have researched a few ways to do this like using LDP and the confidentiality bit. I am a little confused about this method though and wanted to get your take on how to do this.
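The confidentiality bit mentioned in the question is the attribute-level control AD offers for this: setting bit 7 (value 128) in the schema attribute's searchFlags makes the attribute unreadable to anyone who holds only the ordinary "Read Property" right, so the broad default read access no longer exposes it; read access is then granted explicitly, per attribute, by an ACE carrying the CONTROL_ACCESS extended right for that attribute's schemaIDGUID. The script below is an added example written for this answer, not code from the question or from any product documentation; it assumes (these are not in the question) the attribute's lDAPDisplayName is vuStudentDormCode, the authorized group is named StudentRecords-Readers, and the user objects live under OU=Students,DC=contoso,DC=edu. Step 1 needs Schema Admins membership (and it only works on custom attributes, never on base-schema ones); step 2 needs rights to modify the OU's security descriptor.

```powershell
# Added example: mark a custom AD attribute confidential and grant read access
# only to one authorized security group. Names below are assumptions.
Import-Module ActiveDirectory

$attrName  = 'vuStudentDormCode'              # custom attribute from the question
$groupName = 'StudentRecords-Readers'         # assumed authorized group
$targetDN  = 'OU=Students,DC=contoso,DC=edu'  # assumed OU holding the user objects

# --- Step 1: set the confidentiality bit (searchFlags bit 7, value 0x80 = 128) ---
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC -Filter "lDAPDisplayName -eq '$attrName'" `
                     -Properties searchFlags, schemaIDGUID
if (-not $attr) { throw "Attribute $attrName not found in the schema partition" }

$CONFIDENTIAL = 128
if (($attr.searchFlags -band $CONFIDENTIAL) -eq 0) {
    $newFlags = $attr.searchFlags -bor $CONFIDENTIAL
    Set-ADObject -Identity $attr.DistinguishedName -Replace @{ searchFlags = $newFlags }
    Write-Host "Marked $attrName confidential (searchFlags = $newFlags)"
} else {
    Write-Host "$attrName is already confidential"
}

# --- Step 2: grant CONTROL_ACCESS on this one attribute to the authorized group ---
# A confidential attribute is returned only to callers holding CONTROL_ACCESS
# (or Full Control) on the object. The ACE is scoped to this attribute via its
# schemaIDGUID and inherited only by user objects under the target OU.
$attrGuid      = [guid]$attr.schemaIDGUID
$userClassGuid = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the built-in "user" class
$group = Get-ADGroup -Identity $groupName
$sid   = [System.Security.Principal.SecurityIdentifier]$group.SID

$acl = Get-Acl -Path "AD:\$targetDN"
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $attrGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userClassGuid)
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$targetDN" -AclObject $acl
Write-Host "Granted CONTROL_ACCESS on $attrName to $groupName for users under $targetDN"

# --- Step 3: verify as an ordinary domain user (run in a separate, unprivileged session) ---
# Get-ADUser -Identity <some student> -Properties $attrName
# The property should be absent for an unauthorized caller and populated for a
# member of $groupName.
```

Two caveats worth checking before relying on this: accounts that already hold Full Control on the user objects (Domain Admins, Account Operators by default, anyone granted GenericAll) still read the attribute regardless of the bit, so the confidentiality bit limits the default read exposure but does not override elevated rights; and because the bit lives on the schema object, it applies forest-wide to every object carrying the attribute, while the CONTROL_ACCESS ACE is what you vary per OU or per group. This is the AD equivalent of a deny-by-default ACI on the attribute in ODSEE, with the allow side expressed as an object-specific ACE rather than an ACI.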