Actually, I wanted to have control which stations sees which AP. I had some trouble with that approach by stations which are doing passive scanning and so on...
Now I wonder if steering works, if your standard config hides the SSID, but you have the ability so send probe response messages containing the SSID.
Did somebody tried to do such stuff already? Otherwise I think I will give it a try and modify the ubus hostapd calls.
It will at least see the AP once, I assume you'd then want a procedure if it were able to see both SSIDs. You'll have to program that behavior - as you noted. Be advised, all client OSes don't gracefully "steer."
I found one paper exactly doing what I describe.
It is called DenseAP.
First, the passive DAPs (i.e., those that do not have clients associated with them) in the network do not send out any beacons. The active DAPs do send out beacons but with a hidden SSID. Second, each DAP maintains a local access control list (ACL) of client MAC addresses. On receiving a probe request from a client, the DAP replies with a probe response message only if the client’s MAC address is in its ACL.
Source: Murty, Rohan, et al. "Designing High Performance Enterprise Wi-Fi Networks." NSDI . Vol. 8. 2008.
Okay, the Cisco people released a paper called ClientMarshal: Regaining Control from Wireless Clients for Better Experience in Enterprise WLANs.
They use CSA and a third radio to scan for clients. Maybes this is the way to go... But you don't have a third radio on "off-the-shelf-hardware"...