[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Search only few subtrees under baseDN

Hi,

On Thu, May 10, 2018 at 06:02:48PM +0200, Ervin Hegedüs wrote:
> Hi again,
> 
> On Wed, May 09, 2018 at 01:00:05PM +0200, Ervin Hegedüs wrote:
> > Hi,
> > 
> [...]
>  
> > 
> > Is there any way to set up one or more ACL's, where admin1 user
> > can set up the dc=sub-company21,dc=company2,dc=hu as baseDN, and
> > can start to search from there, but he will see the entries only
> > from ou=orgunit1 and ou=orgunit2?
> 
> if there isn't any solution with ACL, can I make it some other
> way? I mean, back_meta, rewrite, or other overlay solutions...?
> 


I'm playing with aliases, thought I can make it with it.

The tree:

dn: ou=orgunit1,dc=sub-company21,dc=company2,dc=hu
dn: ou=orgunit2,dc=sub-company21,dc=company2,dc=hu
dn: ou=orgunit3,dc=sub-company21,dc=company2,dc=hu

and the new "collection":
dn: ou=collection1,dc=sub-company21,dc=company2,dc=hu

I'ld like to add an alias from ou=orgunit1 under ou=collection1:

dn: ou=orgunit1,dc=sub-company21,dc=company2,dc=hu
changetype: add
objectClass: alias
objectClass: top
objectClass: organizationalUnit
aliasedObjectName: ou=orgunit1,ou=collection1,dc=sub-company21,dc=company2,dc=hu

but the ldapadd gives:

invalid structural object class chain (alias/organizationalUnit)

I've tried to add the alias as dn=aliased_name, and
aliasedObjectName is the original, but same result.


How can I add the OU alias, with all children?


Thanks,


a.