
Search only few subtrees under baseDN



Hi,

Maybe the subject doesn't reflect my real question... and maybe
this is a recurring topic... sorry.

Scenario: there is a database with several DCs, all DCs are divided into
several OUs, and most OUs contain several other OUs.

dc=hu
+ dc=company1
+ dc=company2
  + dc=sub-company21
    + ou=orgunit1
    + ou=orgunit2
    + ou=orgunit3

and there are several users.

Take a look at two examples:

uid=admin1,ou=some-org,dc=sub-company21,dc=company2,dc=hu needs to
read the ou=orgunit1 and ou=orgunit2.

uid=admin2,ou=some-org,dc=sub-company21,dc=company2,dc=hu needs
to read full dc=sub-company21 subtree.


All of them are WORKING now as well with ACLs.


But now, the admin1 user needs to set up two different connections
in a GUI browser, because he can't set up
dc=sub-company21,dc=company2,dc=hu as the baseDN.

When he uses the search through the API, he needs to make 2
different lookups to collect all nodes from the DB, and merge them.


Is there any way to set up one or more ACLs where the admin1 user
can set up dc=sub-company21,dc=company2,dc=hu as the baseDN, and
can start to search from there, but will see the entries only
from ou=orgunit1 and ou=orgunit2?


Hope that's clear...


Thanks,


a.