Today I tried your suggestion, but with the same result.
I also tried to comment out the "overlay" declaration of other overlays not
involved (sssvlv, auditlog, memberOf) but again I obtained the same result.
On Wed, Sep 29, 2010 at 6:13 PM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote:
> --On Wednesday, September 29, 2010 9:02 AM +0200 Marco Pizzoli <
> marco.pizzoli(a)gmail.com> wrote:
> Hi Quanah,
>> you're right. Those weren't my configuration but only an indication of
>> the order in which those "groups" of directives appear in my slapd.conf
>> config file.
> If you disable the sssvlv overlay entirely, do you still have this issue?
> (I.e., don't load it, etc).
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> Zimbra :: the leader in open source messaging and collaboration
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Is there any way to make back_meta or back_ldap forward server controls used
in the queries to the LDAP servers?.
I have a configuration where a back_meta acts as a proxy to an Active
Directory, and currently clients are unable to make searches which return
more results than the page size configure int AD, which by default is 1000,
because, altough both their clients and AD support paged searches, back_meta
does not forward it AFAIK.
I have the following structure on my LDAP server:
Under users I have some user accounts, such as
cn=user1,ou=Users,dc=diegolima,dc=org. I'd like to allow users to
create an OU under ou=Misc as long as the OU had the user's name, such
as ou=user1,ou=Misc,dc=diegolima,dc=org for user1 or
ou=user2,ou=Misc,dc=diegolima,dc=org for user2, however I wouldn't
like to simply create an ACL such as:
access to dn.exact="ou=Misc,dc=diegolima,dc=org"
by * add
as this ultimately allows user1 to create an ou named
"ou=user2,ou=Misc". What I first tried was adding an ACL like this:
access to dn.regex="^ou=([^,]+),ou=Misc,dc=diegolima,dc=org"
by dn.exact,expand="cn=$1,dc=diegolima,dc=org" write
by * none
However I receive an error telling me that I need write access to the
parent entry to create this, and if I use the first ACL I seem to be
able to create OUs without any naming restriction. Is there even a way
to accomplish this?
Thank you very much!