[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Search only few subtrees under baseDN
On Thu, 10 May 2018, Ervin Hegedüs wrote:
> On Wed, May 09, 2018 at 01:00:05PM +0200, Ervin Hegedüs wrote:
> > Is there any way to set up one or more ACL's, where admin1 user
> > can set up the dc=sub-company21,dc=company2,dc=hu as baseDN, and
> > can start to search from there, but he will see the entries only
> > from ou=orgunit1 and ou=orgunit2?
>
> if there isn't any solution with ACL, can I make it some other
> way? I mean, back_meta, rewrite, or other overlay solutions...?
An LDAP filter can test the components of an entry's DN with a clause such
as:
(|(ou:dn:=orgunit1)(ou:dn:=orgunit2))
Note the ":dn" syntax there.
Perhaps an ACL using an LDAP filter containing something like that would
be part of a solution.
Philip Guenther