Harishkumar Pathangay wrote: > Hi,How to say not to use a particular objectClass for a dn. > For example,harish@openSUSE:~> ldapsearch -x -b 'dc=my-domain,dc=com' '(objectclass=*)' # extended LDIF## LDAPv3# base <dc=my-domain,dc=com> with scope subtree# filter: (objectclass=*)# requesting: ALL# > # my-domain.comdn: dc=my-domain,dc=comobjectClass: dcObjectobjectClass: organizationdc: my-domaino: Example Corporation > # Manager, my-domain.comdn: cn=Manager,dc=my-domain,dc=comobjectClass: organizationalRolecn: Managerdescription: Directory Manager > # search resultsearch: 2result: 0 Success > Here, we see that dn: dc=my-domain,dc=com uses objectClass: organizationI want to say not to use objectClass: organization. > How to do this? You probably want to have DIT structure rules which are (unfortunately) not implemented by OpenLDAP yet. It's possible to work-around this with ACLs: http://www.openldap.org/faq/data/cache/1474.html A schema-aware client cannot detect the custom ACLs though. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature