Hi,
On Thu, May 10, 2018 at 06:02:48PM +0200, Ervin Hegedüs wrote:
Hi again,
On Wed, May 09, 2018 at 01:00:05PM +0200, Ervin Hegedüs wrote:
Hi,
[...]
Is there any way to set up one or more ACL's, where admin1 user can set up the dc=sub-company21,dc=company2,dc=hu as baseDN, and can start to search from there, but he will see the entries only from ou=orgunit1 and ou=orgunit2?
if there isn't any solution with ACL, can I make it some other way? I mean, back_meta, rewrite, or other overlay solutions...?
I'm playing with aliases, thought I can make it with it.
The tree:
dn: ou=orgunit1,dc=sub-company21,dc=company2,dc=hu dn: ou=orgunit2,dc=sub-company21,dc=company2,dc=hu dn: ou=orgunit3,dc=sub-company21,dc=company2,dc=hu
and the new "collection": dn: ou=collection1,dc=sub-company21,dc=company2,dc=hu
I'ld like to add an alias from ou=orgunit1 under ou=collection1:
dn: ou=orgunit1,dc=sub-company21,dc=company2,dc=hu changetype: add objectClass: alias objectClass: top objectClass: organizationalUnit aliasedObjectName: ou=orgunit1,ou=collection1,dc=sub-company21,dc=company2,dc=hu
but the ldapadd gives:
invalid structural object class chain (alias/organizationalUnit)
I've tried to add the alias as dn=aliased_name, and aliasedObjectName is the original, but same result.
How can I add the OU alias, with all children?
Thanks,
a.