Re: How to say not to use a particular objectClass for a dn

Harishkumar Pathangay wrote:
> Hi,
> How to say not to use a particular objectClass for a dn.
> For example,
> harish@openSUSE:~> ldapsearch -x -b 'dc=my-domain,dc=com'  '(objectclass=*)'
> # extended LDIF
> #
> # LDAPv3
> # base <dc=my-domain,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # my-domain.com
> dn: dc=my-domain,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: my-domain
> o: Example Corporation
>
> # Manager, my-domain.com
> dn: cn=Manager,dc=my-domain,dc=com
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
>
> # search result
> search: 2
> result: 0 Success
>
> Here, we see that dn: dc=my-domain,dc=com uses objectClass: organization
> I want to say not to use objectClass: organization.
> How to do this?

You probably want to have DIT structure rules which are (unfortunately) not
implemented by OpenLDAP yet.

It's possible to work around this with ACLs:

A schema-aware client cannot detect the custom ACLs though.

Ciao, Michael.
