On Sun, 13 May 2018 09:42:22 +0200, Ervin Hegedüs airween@gmail.com wrote:
Hi,
On Thu, May 10, 2018 at 06:02:48PM +0200, Ervin Hegedüs wrote:
Hi again,
On Wed, May 09, 2018 at 01:00:05PM +0200, Ervin Hegedüs wrote:
Hi,
[...]
Is there any way to set up one or more ACLs, where admin1 user can set up the dc=sub-company21,dc=company2,dc=hu as baseDN, and can start to search from there, but he will see the entries only from ou=orgunit1 and ou=orgunit2?
If there isn't any solution with ACL, can I make it some other way? I mean, back_meta, rewrite, or other overlay solutions...?
I'm playing with aliases; I thought I could do it with them.
The tree:
dn: ou=orgunit1,dc=sub-company21,dc=company2,dc=hu
dn: ou=orgunit2,dc=sub-company21,dc=company2,dc=hu
dn: ou=orgunit3,dc=sub-company21,dc=company2,dc=hu

and the new "collection":

dn: ou=collection1,dc=sub-company21,dc=company2,dc=hu
I'd like to add an alias from ou=orgunit1 under ou=collection1:
dn: ou=orgunit1,dc=sub-company21,dc=company2,dc=hu
changetype: add
objectClass: alias
objectClass: top
objectClass: organizationalUnit
aliasedObjectName: ou=orgunit1,ou=collection1,dc=sub-company21,dc=company2,dc=hu
but the ldapadd gives:
invalid structural object class chain (alias/organizationalUnit)
I've tried to add the alias as dn=aliased_name, with aliasedObjectName as the original, but got the same result.
How can I add the OU alias, with all children?
Objectclasses aliasedObjectName and organizationalUnit are both structural Objectclasses, try to add auxiliary object classes, or create your own classes. Some documentation includes the extensibleObject class, but this would create additional security questions.
-Dieter
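
Added example (not part of the original thread, and not slapd's own code): a simplified model of the structural object class chain check behind the ldapadd error quoted above. The mini-schema is constructed; class kinds and superiors follow RFC 4512/4519 (alias and organizationalUnit are both STRUCTURAL with superior top), the attribute sets are abbreviated, and the function names are hypothetical. It also shows that extensibleObject, being auxiliary, passes the chain check but permits any attribute on the entry.

```python
# Constructed mini-schema: class -> (kind, superior, permitted attributes).
# Kinds and superiors follow RFC 4512/4519; attribute sets are abbreviated.
SCHEMA = {
    "top": ("ABSTRACT", None, {"objectClass"}),
    "alias": ("STRUCTURAL", "top", {"aliasedObjectName"}),
    "organizationalUnit": ("STRUCTURAL", "top", {"ou", "description"}),
    "person": ("STRUCTURAL", "top", {"cn", "sn"}),
    "organizationalPerson": ("STRUCTURAL", "person", {"ou", "title"}),
    "extensibleObject": ("AUXILIARY", "top", None),  # None = any attribute
}

def ancestors(oc):
    """Return oc followed by its chain of superior classes up to top."""
    chain = []
    while oc is not None:
        chain.append(oc)
        oc = SCHEMA[oc][1]
    return chain

def check_chain(object_classes):
    """Return None if the structural classes form one inheritance chain,
    otherwise a message shaped like the error quoted in the thread."""
    structural = [c for c in object_classes if SCHEMA[c][0] == "STRUCTURAL"]
    for i, a in enumerate(structural):
        for b in structural[i + 1:]:
            if a not in ancestors(b) and b not in ancestors(a):
                return f"invalid structural object class chain ({a}/{b})"
    return None

def allows(object_classes, attr):
    """True if any listed class (or one of its superiors) permits attr."""
    for oc in object_classes:
        for c in ancestors(oc):
            permitted = SCHEMA[c][2]
            if permitted is None or attr in permitted:
                return True
    return False

if __name__ == "__main__":
    # The three objectClass combinations discussed in the thread.
    for classes in (["alias", "top", "organizationalUnit"],
                    ["alias", "top"],
                    ["alias", "top", "extensibleObject"]):
        print(classes, "| chain:", check_chain(classes) or "ok",
              "| ou allowed:", allows(classes, "ou"),
              "| userPassword allowed:", allows(classes, "userPassword"))
```

With alias and top alone the chain is valid, but the naming attribute ou from the RDN is not permitted on the entry, which is why some documentation adds extensibleObject or a custom auxiliary class.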