Hello,
How can I create an entry (in terms of ldif/ldapadd/ldapmodify) which is not returned on searches (apart from tweaking the olcAccess rules)?
https://www.openldap.org/devel/admin/replication.html says:
Because a general search filter can be used in the syncrepl specification, some entries in the context may be omitted from the synchronization content. The syncrepl engine creates a glue entry to fill in the holes in the replica context if any part of the replica content is subordinate to the holes. The glue entries will not be returned in the search result unless ManageDsaIT control is provided.
Rationale: I want to create a directory, containing contacts under:
cn=juridical persons,dc=me
cn=natural persons,dc=me
The LDAP clients shall query base dc=me with scope SUB. The LDAP clients shall see all subentries of Juridical Persons and all subentries of Natural Persons, but not the cn=juridical persons,dc=me, cn=natural persons,dc=me and dc=me entries themselves. As the latter entries do not represent Contacts (mail, phone, address), the entries shall not appear in address books.
Greetings Дилян