I host an LDAP server of an organization. All users have the attributes
'EntryYear' and 'ExitYear'.
With ACI rules, I'd like to ensure that each user can only read the user
attributes of users who were members of the organization at the same time.

So the query should work like this:
(&(entryYear<=AUTHENTICATED_USERS_EXITYEAR)(exitYear>=AUTHENTICATED_USERS_ENTRYYEAR))

I thought about a solution in the subtreeSpecification with a filter like
the one mentioned above.
But I don't understand how I could use the attributes of the authenticated user.

Am I on the right track? Is there an opportunity that covers my needs?

Any help is appreciated.

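The overlap test from the filter in the post above, as an added example that is not part of the original message. It assumes a layer that already knows the bound user's entry and substitutes the two years itself; it does not show whether a subtreeSpecification can reference the bound user. All function names and the directory contents are constructed for illustration.

```python
# Added example: constructed data, hypothetical helper names.
# Year values are strings, as an LDAP client would receive them.
DIRECTORY = {
    "alice": {"entryYear": "2010", "exitYear": "2014"},
    "bob":   {"entryYear": "2014", "exitYear": "2018"},
    "carol": {"entryYear": "2015", "exitYear": "2020"},
    "dave":  {"entryYear": "2012"},  # exitYear missing
}


def overlap_filter(bound_user):
    """Fill the filter from the post with the bound user's own years.

    int() rejects anything that is not a plain number, so a crafted
    attribute value cannot add filter syntax (raises ValueError).
    """
    entry = int(bound_user["entryYear"])
    exit_ = int(bound_user["exitYear"])
    return "(&(entryYear<=%d)(exitYear>=%d))" % (exit_, entry)


def may_read(bound_user, target):
    """The same test the filter expresses: the two periods overlap.

    Both comparisons are inclusive, so users who share only a
    boundary year can read each other.
    """
    try:
        return (int(target["entryYear"]) <= int(bound_user["exitYear"])
                and int(target["exitYear"]) >= int(bound_user["entryYear"]))
    except (KeyError, ValueError):
        # Missing or malformed years on either side: deny by default.
        return False


def visible_to(uid):
    """Names of the entries the given user would be allowed to read."""
    me = DIRECTORY[uid]
    return sorted(name for name, entry in DIRECTORY.items()
                  if may_read(me, entry))


if __name__ == "__main__":
    for uid in DIRECTORY:
        print(uid, "->", visible_to(uid))
```

On a real server the `<=` and `>=` comparisons only behave numerically if the two attributes are defined with an integer ordering matching rule.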