[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: User restriction



Adam Hough <adam@gradientzero.com> writes:

> On Mon, Jun 7, 2010 at 4:44 AM, Stuart Cherrington <
> stuart_cherrington@hotmail.co.uk> wrote:

[...]
>     ldapsearch -x -b 'ou=auth,dc=ldn,dc=sw,dc=com' -h 10.2.250.15 -D cn=
>     proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxxx
[...]

This search is done with default scope, which is subtree.

>     dn: cn=access,ou=auth,dc=ldn,dc=sw,dc=com
>     objectClass: groupOfNames
>     objectClass: top
>     cn: access
>     member: uid=stuart,ou=people,dc=ldn,dc=sw,dc=com
[...]
>     You can clearly see the first Member line is myself. If I now try:
>    
>     ldapcompare2.4 -v -x -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=
>     sw,dc=com -w xxxxxxxx "ou=auth,dc=ldn,dc=sw,dc=com" member:uid=stuart,ou=
>     people,dc=ldn,dc=sw,dc=com
[...]

A ldapcompare is done one the base DN.
please compare those two DN's:
ou=auth,dc=ldn,dc=sw;dc=com
cn=access,ou=auth,dc=ldn,dc=sw,dc=com

-Dieter

-
-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6