Hi,
Maybe the subject doesn't give back my real question... and maybe this is a returned topic... sorry.
Scenario: there is a database with several DCs, all DCs are divided into several OUs, and most OUs contain several other OUs.
dc=hu
  + dc=company1
  + dc=company2
    + dc=sub-company21
      + ou=orgunit1
      + ou=orgunit2
      + ou=orgunit3
and there are several users.
Take a look at two examples:
uid=admin1,ou=some-org,dc=sub-company21,dc=company2,dc=hu needs to read the ou=orgunit1 and ou=orgunit2.
uid=admin2,ou=some-org,dc=sub-company21,dc=company2,dc=hu needs to read the full dc=sub-company21 subtree.
All of them are WORKING now as well with ACLs.
But now, the admin1 user needs to set up two different connections in the GUI browser, because he can't set up dc=sub-company21,dc=company2,dc=hu as the baseDN.
When he uses the search through the API, he needs to make 2 different lookups to collect all nodes from the DB, and merge them.
Is there any way to set up one or more ACLs, where the admin1 user can set up dc=sub-company21,dc=company2,dc=hu as the baseDN, and can start to search from there, but he will see the entries only from ou=orgunit1 and ou=orgunit2?
Hope that's clear...
Thanks,
a.