February 7, 2014 at 10:51 AM
Hi folks -
First, a simple, direct question. I'm trying to use the meta backend and exclude part of the back-end directory (which is AD, if that matters).
I tried the following config:
--------------------------
include /usr/local/pkg/openldap-2.4.39/etc/openldap/schema/core.schema
include /usr/local/pkg/openldap-2.4.39/etc/openldap/schema/cosine.schema
include /usr/local/pkg/openldap-2.4.39/etc/openldap/schema/inetorgperson.schema
include /usr/local/pkg/openldap-2.4.39/etc/openldap/schema/nis.schema
pidfile /var/run/openldap/slapd-filter.pid
argsfile /var/run/openldap/slapd-filter.args
loglevel any
access to *
    by * read

database meta
suffix "dc=adsroot,dc=itd,dc=umich,dc=edu"
uri "ldap://adsroot.itd.umich.edu/dc=adsroot,dc=itd,dc=umich,dc=edu"
rootdn "cn=Manager,dc=adsroot,dc=itd,dc=umich,dc=edu"
#subtree-exclude "ou=ICPSR,ou=Organizations,ou=UMICH,dc=adsroot,dc=itd,dc=umich,dc=edu"
#subtree-exclude "ou=ICPSR,ou=Accounts,ou=UMICH,dc=adsroot,dc=itd,dc=umich,dc=edu"
subtree-exclude "dn.subtree:ou=ICPSR,ou=Organizations,ou=UMICH,dc=adsroot,dc=itd,dc=umich,dc=edu"
subtree-exclude "dn.subtree:ou=ICPSR,ou=Accounts,ou=UMICH,dc=adsroot,dc=itd,dc=umich,dc=edu"
--------------------------
As you can see, I tried two syntaxes for subtree-exclude. With either one, a search for "cn=danno" returns
dn: cn=danno,ou=ICPSR,ou=Accounts,ou=UMICH,dc=adsroot,dc=itd,dc=umich,dc=edu
What am I doing wrong? Or do I misunderstand what subtree-exclude is supposed to be doing?
OpenLDAP 2.4.39 on CentOS 6, x64.