
RE: How to say not to use a particular objectClass for a dn



Hi,

Can you please suggest some documentation to learn LDAP basics?
I am struggling with understanding even what a DN is.

I am not able to add entries like:
# Add Org Unit Actors
dn: ou=Sales,o=Example Corporation,dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
objectClass: organizationalUnit
dc: my-domain
o: Example Corporation
ou: Sales

I am getting Structural Object Class Chain Errors.
So, what is the kind of Hierarchical Structure we can build using OpenLDAP?
Are there restrictions in terms of creating DN also?

Please suggest some documentation links where I can learn the basics clearly.

Thanks,
Harish Pathangay

> Date: Sun, 10 Nov 2013 11:55:52 +0100
> From: michael@stroeder.com
> To: harishpathangay@outlook.com; openldap-technical@openldap.org
> Subject: Re: How to say not to use a particular objectClass for a dn
>
> Harishkumar Pathangay wrote:
> > Hi,
> > How to say not to use a particular objectClass for a dn.
> > For example,
> > harish@openSUSE:~> ldapsearch -x -b 'dc=my-domain,dc=com' '(objectclass=*)'
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <dc=my-domain,dc=com> with scope subtree
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
> >
> > # my-domain.com
> > dn: dc=my-domain,dc=com
> > objectClass: dcObject
> > objectClass: organization
> > dc: my-domain
> > o: Example Corporation
> >
> > # Manager, my-domain.com
> > dn: cn=Manager,dc=my-domain,dc=com
> > objectClass: organizationalRole
> > cn: Manager
> > description: Directory Manager
> >
> > # search result
> > search: 2
> > result: 0 Success
> >
> > Here, we see that dn: dc=my-domain,dc=com uses objectClass: organization
> > I want to say not to use objectClass: organization.
> > How to do this?
>
> You probably want to have DIT structure rules which are (unfortunately) not
> implemented by OpenLDAP yet.
>
> It's possible to work-around this with ACLs:
> http://www.openldap.org/faq/data/cache/1474.html
>
> A schema-aware client cannot detect the custom ACLs though.
>
> Ciao, Michael.
>
>
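
Why the ou=Sales LDIF in the message above is rejected, shown as an added example that is not part of the original thread: an entry's STRUCTURAL object classes must all lie on one superclass chain, while AUXILIARY classes such as dcObject can be mixed in freely. The schema table is a hand-written subset of the standard classes (RFC 4519 / RFC 2798), the function names are hypothetical, and the FIXED entry is constructed.

```python
# Kind and superior class for a small subset of the standard schema.
SCHEMA = {
    "top": ("ABSTRACT", None),
    "dcobject": ("AUXILIARY", "top"),
    "organization": ("STRUCTURAL", "top"),
    "organizationalunit": ("STRUCTURAL", "top"),
    "organizationalrole": ("STRUCTURAL", "top"),
    "person": ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson": ("STRUCTURAL", "organizationalperson"),
}

def superiors(oc):
    """Return oc followed by each of its superior classes up to top."""
    chain = []
    while oc is not None:
        chain.append(oc)
        oc = SCHEMA[oc][1]
    return chain

def object_classes(ldif):
    """Collect objectClass values from one LDIF entry (no folding or base64)."""
    found = []
    for line in ldif.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == "objectclass":
            found.append(value.strip().lower())
    return found

def conflicting_structural(ldif):
    """Return [] if the structural classes form one chain, else the clash."""
    structural = [c for c in object_classes(ldif) if SCHEMA[c][0] == "STRUCTURAL"]
    if not structural:
        raise ValueError("entry has no structural object class")
    leaf = max(structural, key=lambda c: len(superiors(c)))  # most specific
    outside = [c for c in structural if c not in superiors(leaf)]
    return sorted([leaf] + outside) if outside else []

# Entry from the message above: organization and organizationalUnit are both
# STRUCTURAL and neither is a superior of the other.
FAILING = """dn: ou=Sales,o=Example Corporation,dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
objectClass: organizationalUnit
dc: my-domain
o: Example Corporation
ou: Sales"""
# Constructed alternative: one structural class, named by its own ou attribute.
FIXED = "dn: ou=Sales,dc=my-domain,dc=com\nobjectClass: organizationalUnit\nou: Sales"
BASE = "dn: dc=my-domain,dc=com\nobjectClass: dcObject\nobjectClass: organization"
```

The base entry from the search output passes because dcObject is auxiliary, which is why dcObject plus organization is accepted there while adding organizationalUnit is not.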