Hi,

How to say not to use a particular objectClass for a dn. For example,

    harish@openSUSE:~> ldapsearch -x -b 'dc=my-domain,dc=com' '(objectclass=*)'
    # extended LDIF
    #
    # LDAPv3
    # base <dc=my-domain,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # my-domain.com
    dn: dc=my-domain,dc=com
    objectClass: dcObject
    objectClass: organization
    dc: my-domain
    o: Example Corporation

    # Manager, my-domain.com
    dn: cn=Manager,dc=my-domain,dc=com
    objectClass: organizationalRole
    cn: Manager
    description: Directory Manager

    # search result
    search: 2
    result: 0 Success

Here, we see that dn: dc=my-domain,dc=com uses objectClass: organization
I want to say not to use objectClass: organization. How to do this?

Thanks,
Harish Pathangay

Harishkumar Pathangay wrote:
> Hi,
>
> How to say not to use a particular objectClass for a dn. For example,
>
> harish@openSUSE:~> ldapsearch -x -b 'dc=my-domain,dc=com' '(objectclass=*)'
> # extended LDIF
> #
> # LDAPv3
> # base <dc=my-domain,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # my-domain.com
> dn: dc=my-domain,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: my-domain
> o: Example Corporation
>
> # Manager, my-domain.com
> dn: cn=Manager,dc=my-domain,dc=com
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
>
> # search result
> search: 2
> result: 0 Success
>
> Here, we see that dn: dc=my-domain,dc=com uses objectClass: organization
> I want to say not to use objectClass: organization. How to do this?

You probably want to have DIT structure rules which are (unfortunately) not implemented by OpenLDAP yet.
It's possible to work around this with ACLs: http://www.openldap.org/faq/data/cache/1474.html
A schema-aware client cannot detect the custom ACLs though.
Ciao, Michael.

Hi,

Can you please suggest some documentation to learn LDAP basics.
I am struggling with understanding even what a DN is?

I am not able to add entries like:

    # Add Org Unit Actors
    dn: ou=Sales,o=Example Corporation,dc=my-domain,dc=com
    objectClass: dcObject
    objectClass: organization
    objectClass: organizationalUnit
    dc: my-domain
    o: Example Corporation
    ou: Sales

I am getting Structural Object Class Chain Errors.
So, what is the kind of Hierarchical Structure we can build using openLDAP?
Are there restrictions in terms of creating DN also?

Please suggest some documentation links where I can learn the basics clearly.

Thanks,
Harish Pathangay

Date: Sun, 10 Nov 2013 11:55:52 +0100
From: michael@stroeder.com
To: harishpathangay@outlook.com; openldap-technical@openldap.org
Subject: Re: How to say not to use a particular objectClass for a dn
On 11/10/2013 04:13 PM, Harishkumar Pathangay wrote:
> Hi,
>
> Can you please suggest some documentation to learn LDAP basics. I am struggling with understanding even what a DN is?

If you are new to LDAP/OpenLDAP then it probably helps to read a book like 'LDAP System Administration' or 'Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services' or 'Understanding and Deploying LDAP Directory Services'. And always read the OpenLDAP Admin Guide and the openldap man pages.

Regards,
Patrick
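
Added example (not part of the thread and not OpenLDAP code): a small Python check showing why the ou=Sales entry in the follow-up message fails with a structural object class chain error. The SCHEMA table is a constructed subset covering only the classes seen in this thread, with kinds and superiors as defined in RFC 4519; the function names and the second sample entry are assumptions made for illustration.

```python
# Added example: constructed schema subset (kinds/superiors per RFC 4519),
# limited to the object classes that appear in this thread.
SCHEMA = {  # name -> (kind, superior)
    "top": ("ABSTRACT", None),
    "dcobject": ("AUXILIARY", "top"),
    "organization": ("STRUCTURAL", "top"),
    "organizationalunit": ("STRUCTURAL", "top"),
    "organizationalrole": ("STRUCTURAL", "top"),
}

def object_classes(ldif):
    """objectClass values of a single-entry LDIF (no folding or base64)."""
    pairs = (line.partition(":") for line in ldif.splitlines())
    return [v.strip().lower() for n, sep, v in pairs
            if sep and n.strip().lower() == "objectclass"]

def superiors(oc):  # every class that oc inherits from, up to top
    found, sup = set(), SCHEMA[oc][1]
    while sup:
        found.add(sup)
        sup = SCHEMA[sup][1]
    return found

def check_structural_chain(ldif):
    """Return (ok, detail): ok only if the entry has one structural chain."""
    classes = object_classes(ldif)
    unknown = [c for c in classes if c not in SCHEMA]
    if unknown:
        return False, "not in schema subset: " + ", ".join(unknown)
    structural = [c for c in classes if SCHEMA[c][0] == "STRUCTURAL"]
    # A structural class that another listed class inherits from is implied.
    inherited = set().union(*(superiors(c) for c in structural))
    leaves = [c for c in structural if c not in inherited]
    if len(leaves) != 1:
        return False, "structural classes: " + (", ".join(leaves) or "none")
    return True, leaves[0]

# Entry from the follow-up message: two unrelated structural classes.
SALES_AS_POSTED = """dn: ou=Sales,o=Example Corporation,dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
objectClass: organizationalUnit
dc: my-domain
o: Example Corporation
ou: Sales"""
# Constructed variant: one structural class, placed directly under the suffix.
SALES_SINGLE_CHAIN = """dn: ou=Sales,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: Sales"""
```

check_structural_chain(SALES_AS_POSTED) returns False because organization and organizationalUnit are both structural and neither inherits from the other; the suffix entry from the first message passes because dcObject is auxiliary.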