On Thu, 10 May 2018, Ervin Hegedüs wrote:
On Wed, May 09, 2018 at 01:00:05PM +0200, Ervin Hegedüs wrote:
Is there any way to set up one or more ACLs, where admin1 user can set up the dc=sub-company21,dc=company2,dc=hu as baseDN, and can start to search from there, but he will see the entries only from ou=orgunit1 and ou=orgunit2?
If there isn't any solution with ACL, can I make it some other way? I mean, back_meta, rewrite, or other overlay solutions...?
An LDAP filter can test the components of an entry's DN with a clause such as: (|(ou:dn:=orgunit1)(ou:dn:=orgunit2))
Note the ":dn" syntax there.
Perhaps an ACL using an LDAP filter containing something like that would be part of a solution.
Philip Guenther
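
Added example, not part of the original message and not OpenLDAP code: a small Python model of only the DN-component part of the `(|(ou:dn:=orgunit1)(ou:dn:=orgunit2))` filter, run over constructed sample DNs to show which entries an ACL built on it would and would not select. The helper names and every DN below the base are assumptions made for illustration; escape handling is ASCII-only.

```python
import re

def split_unescaped(s, sep):
    """Split s on sep, skipping separators that are backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur, i = "", i + 1
        else:
            cur += s[i]
            i += 1
    return parts + [cur]

def unescape(value):
    """Resolve \\XX hex pairs and \\c single-character escapes in one pass."""
    def repl(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else g
    return re.sub(r"\\([0-9a-fA-F]{2}|.)", repl, value)

def dn_avas(dn):
    """Every (attribute, value) pair in every RDN of the DN, lower-cased."""
    avas = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):      # multi-valued RDNs
            attr, _, value = ava.partition("=")
            avas.append((attr.strip().lower(), unescape(value.strip()).lower()))
    return avas

def dn_matches(dn, attr, allowed):
    """OR of (attr:dn:=v) clauses, DN components only, case-insensitive."""
    wanted = {v.lower() for v in allowed}
    return any(a == attr.lower() and v in wanted for a, v in dn_avas(dn))

BASE = "dc=sub-company21,dc=company2,dc=hu"        # base DN from the question
ALLOWED = ["orgunit1", "orgunit2"]
SAMPLE_DNS = [                                     # constructed sample entries
    BASE,
    "ou=orgunit1," + BASE,
    "uid=user1,ou=orgunit1," + BASE,
    "uid=user2,ou=OrgUnit2," + BASE,
    "uid=user3,ou=orgunit3," + BASE,
    "cn=orgunit1\\, x,ou=orgunit3," + BASE,        # escaped comma, cn not ou
    "uid=user4,ou=orgunit1,ou=orgunit3," + BASE,   # ou=orgunit1 nested deeper
]

def visible(dns):
    return [dn for dn in dns if dn_matches(dn, "ou", ALLOWED)]
```

Two things to check when turning this into an ACL: the base entry itself does not match the filter, and the clause matches an ou component at any depth, so an ou=orgunit1 nested under another branch is selected too.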