Hi - Anyone have any thoughts about my question about "subtree-exclude" with slapd-meta?
Dan Pritts mailto:danno@umich.edu February 7, 2014 at 10:51 AM Hi folks -
first, a simple, direct question. I'm trying to use the meta backend, and exclude part of the back-end directory (which is AD, if that matters).
I tried the following config:
include /usr/local/pkg/openldap-2.4.39/etc/openldap/schema/core.schema include /usr/local/pkg/openldap-2.4.39/etc/openldap/schema/cosine.schema include /usr/local/pkg/openldap-2.4.39/etc/openldap/schema/inetorgperson.schema include /usr/local/pkg/openldap-2.4.39/etc/openldap/schema/nis.schema
pidfile /var/run/openldap/slapd-filter.pid argsfile /var/run/openldap/slapd-filter.args
loglevel any
access to * by * read
database meta suffix "dc=adsroot,dc=itd,dc=umich,dc=edu" uri "ldap://adsroot.itd.umich.edu/dc=adsroot,dc=itd,dc=umich,dc=edu" rootdn "cn=Manager,dc=adsroot,dc=itd,dc=umich,dc=edu"
#subtree-exclude "ou=ICPSR,ou=Organizations,ou=UMICH,dc=adsroot,dc=itd,dc=umich,dc=edu" #subtree-exclude "ou=ICPSR,ou=Accounts,ou=UMICH,dc=adsroot,dc=itd,dc=umich,dc=edu" subtree-exclude "dn.subtree:ou=ICPSR,ou=Organizations,ou=UMICH,dc=adsroot,dc=itd,dc=umich,dc=edu" subtree-exclude "dn.subtree:ou=ICPSR,ou=Accounts,ou=UMICH,dc=adsroot,dc=itd,dc=umich,dc=edu"
As you can see i tried two syntaxes for subtree-exclude. with either one, a search for "cn=danno" returns dn: cn=danno,ou=ICPSR,ou=Accounts,ou=UMICH,dc=adsroot,dc=itd,dc=umich,dc=edu
What am I doing wrong? Or do I misunderstand what subtree-exclude is supposed to be doing?
openldap 2.4.39 on centos 6, x64.