Hi, On Thu, May 10, 2018 at 06:02:48PM +0200, Ervin Hegedüs wrote: > Hi again, > > On Wed, May 09, 2018 at 01:00:05PM +0200, Ervin Hegedüs wrote: > > Hi, > > > [...] > > > > > Is there any way to set up one or more ACL's, where admin1 user > > can set up the dc=sub-company21,dc=company2,dc=hu as baseDN, and > > can start to search from there, but he will see the entries only > > from ou=orgunit1 and ou=orgunit2? > > if there isn't any solution with ACL, can I make it some other > way? I mean, back_meta, rewrite, or other overlay solutions...? >
I'm playing with aliases, thought I can make it with it. The tree: dn: ou=orgunit1,dc=sub-company21,dc=company2,dc=hu dn: ou=orgunit2,dc=sub-company21,dc=company2,dc=hu dn: ou=orgunit3,dc=sub-company21,dc=company2,dc=hu and the new "collection": dn: ou=collection1,dc=sub-company21,dc=company2,dc=hu I'ld like to add an alias from ou=orgunit1 under ou=collection1: dn: ou=orgunit1,dc=sub-company21,dc=company2,dc=hu changetype: add objectClass: alias objectClass: top objectClass: organizationalUnit aliasedObjectName: ou=orgunit1,ou=collection1,dc=sub-company21,dc=company2,dc=hu but the ldapadd gives: invalid structural object class chain (alias/organizationalUnit) I've tried to add the alias as dn=aliased_name, and aliasedObjectName is the original, but same result. How can I add the OU alias, with all children? Thanks, a.
