[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Search only few subtrees under baseDN

To: Ervin Hegedüs <airween@gmail.com>
Subject: Re: Search only few subtrees under baseDN
From: Philip Guenther <pguenther@proofpoint.com>
Date: Thu, 10 May 2018 09:12:18 -0700
Cc: openldap-technical@openldap.org
In-reply-to: <20180510160248.GA6878@arxnet.hu>
References: <20180509110005.GA23312@arxnet.hu> <20180510160248.GA6878@arxnet.hu>
User-agent: Alpine 2.21 (BSO 202 2017-01-01)

On Thu, 10 May 2018, Ervin Hegedüs wrote:
> On Wed, May 09, 2018 at 01:00:05PM +0200, Ervin Hegedüs wrote:
> > Is there any way to set up one or more ACL's, where admin1 user
> > can set up the dc=sub-company21,dc=company2,dc=hu as baseDN, and
> > can start to search from there, but he will see the entries only
> > from ou=orgunit1 and ou=orgunit2?
> 
> if there isn't any solution with ACL, can I make it some other
> way? I mean, back_meta, rewrite, or other overlay solutions...?

An LDAP filter can test the components of an entry's DN with a clause such 
as:
   (|(ou:dn:=orgunit1)(ou:dn:=orgunit2))

Note the ":dn" syntax there.

Perhaps an ACL using an LDAP filter containing something like that would 
be part of a solution.


Philip Guenther

Follow-Ups:
- Re: Search only few subtrees under baseDN
  - From: Ervin Hegedüs <airween@gmail.com>

References:
- Search only few subtrees under baseDN
  - From: Ervin Hegedüs <airween@gmail.com>
- Re: Search only few subtrees under baseDN
  - From: Ervin Hegedüs <airween@gmail.com>

Prev by Date: Re: Search only few subtrees under baseDN
Next by Date: Re: Optimal configuration for olcToolThreads and olcThreads
Index(es):
- Chronological
- Thread