database relay, database meta, and ACLs (especially if it supports a bindDN) come to mind first.
On Wed, 31 Jan 2007, Don Hoover wrote:
Ok. Here is an interesting problem.
We have purchased one of those remote serial console access devices, and it "supports" ldap.
On our servers we use search filters to control who has access to which of our servers... such as sub?|(gid=55) etc.
BUT, this little thing only supports proving a "base" and not any filters. If it just has our base then everyone in our LDAP has access to this device and want to limit it to just the sysadmin group.
Is there a way to create a virtual view of our existing LDAP directory with a different base but behind the scenes is a filtered view of our full LDAP directory.
I thought I remember seeing something like this was available. Either as a backend option or something like that.
Any ideas?