[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Search only few subtrees under baseDN
Am Sun, 13 May 2018 09:42:22 +0200
schrieb Ervin Hegedüs <airween@gmail.com>:
> Hi,
>
> On Thu, May 10, 2018 at 06:02:48PM +0200, Ervin Hegedüs wrote:
> > Hi again,
> >
> > On Wed, May 09, 2018 at 01:00:05PM +0200, Ervin Hegedüs wrote:
> > > Hi,
> > >
> > [...]
> >
> > >
> > > Is there any way to set up one or more ACL's, where admin1 user
> > > can set up the dc=sub-company21,dc=company2,dc=hu as baseDN, and
> > > can start to search from there, but he will see the entries only
> > > from ou=orgunit1 and ou=orgunit2?
> >
> > if there isn't any solution with ACL, can I make it some other
> > way? I mean, back_meta, rewrite, or other overlay solutions...?
> >
>
>
> I'm playing with aliases, thought I can make it with it.
>
> The tree:
>
> dn: ou=orgunit1,dc=sub-company21,dc=company2,dc=hu
> dn: ou=orgunit2,dc=sub-company21,dc=company2,dc=hu
> dn: ou=orgunit3,dc=sub-company21,dc=company2,dc=hu
>
> and the new "collection":
> dn: ou=collection1,dc=sub-company21,dc=company2,dc=hu
>
> I'ld like to add an alias from ou=orgunit1 under ou=collection1:
>
> dn: ou=orgunit1,dc=sub-company21,dc=company2,dc=hu
> changetype: add
> objectClass: alias
> objectClass: top
> objectClass: organizationalUnit
> aliasedObjectName:
> ou=orgunit1,ou=collection1,dc=sub-company21,dc=company2,dc=hu
>
> but the ldapadd gives:
>
> invalid structural object class chain (alias/organizationalUnit)
>
> I've tried to add the alias as dn=aliased_name, and
> aliasedObjectName is the original, but same result.
>
>
> How can I add the OU alias, with all children?
Objectclasses aliasedObjectName and organizationalUnit are both
structural Objectclasses, try to add auxiliary object classes, or
create your own classes. Some documentation include extensibleObject
class, but this would create additional security questions.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E