Here's what we do:

1. Have a script that goes through all users in the FERPA OU and removes the ACE for Authenticated Users.
2. The account provisioning system uses a GUID for the CN instead of the standard First+Last or username. This is necessary because even with step 1 you can still list the contents of the OU, and the DN of the user will be viewable in groups they are members of.

Steve Evans

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Miller
Sent: Tuesday, August 22, 2006 12:06 PM
To: [email protected]
Subject: [ActiveDir] LDAP queries and FERPA

The recent discussion of LDAP queries from the outside brings to mind a question regarding FERPA for those of us working in the education arena. See http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html

How do you deal with hiding directory data for individuals who have elected to not have their directory data exposed? I'm sure there are several solutions in current use.

--
Michael J. Miller
Computing Services
College of Veterinary Medicine, UIUC
_________________________________________________________________
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
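
Step 1 of the reply above, sketched as an added PowerShell example that is not part of the original thread or the poster's own script. It assumes the ActiveDirectory module is available; the OU distinguished name is a placeholder, and the report-only default is a choice made here.

```powershell
# Added example; not code from the thread. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$SearchBase = 'OU=FERPA,DC=example,DC=edu'  # placeholder DN, replace with your OU
$Apply      = $false                        # $false = report only, $true = write ACLs

# Authenticated Users by well-known SID (S-1-5-11), independent of OS language.
$sidType   = [System.Security.Principal.SecurityIdentifier]
$authUsers = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-11'

Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree | ForEach-Object {
    $user = $_
    $path = "AD:\$($user.DistinguishedName)"
    $acl  = Get-Acl -Path $path

    # Explicit ACEs sit on the user object and can be removed there.
    $explicit = @($acl.GetAccessRules($true, $false, $sidType) |
        Where-Object { $_.IdentityReference -eq $authUsers })

    # Inherited ACEs come from a parent container and have to be changed there.
    $inherited = @($acl.GetAccessRules($false, $true, $sidType) |
        Where-Object { $_.IdentityReference -eq $authUsers })

    if ($Apply -and $explicit.Count -gt 0) {
        foreach ($ace in $explicit) { $acl.RemoveAccessRuleSpecific($ace) }
        Set-Acl -Path $path -AclObject $acl
    }

    # One report row per user, so a rerun shows what is still exposed.
    [pscustomobject]@{
        DistinguishedName = $user.DistinguishedName
        ExplicitAces      = $explicit.Count
        InheritedAces     = $inherited.Count
        Changed           = ($Apply -and $explicit.Count -gt 0)
    }
}
```

Rows with a non-zero InheritedAces count after a run show users who are still readable through an ACE set higher in the tree.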
