Hi, Can you please suggest some documentation to learn LDAP basics.I am struggling with understanding even what a DN is? I am not able to add entries like:# Add Org Unit Actorsdn: ou=Sales,o=Example Corporation,dc=my-domain,dc=comobjectClass: dcObjectobjectClass: organizationobjectClass: organizationalUnitdc: my-domaino: Example Corporationou: Sales I am getting Structural Object Class Chain Errors.So, what is the kind of Hierarchial Structure we can build using openLDAP?Are there restrictions in terms of creating DN also? Please suggest some documentation links where i can learn the basics clearly. Thanks,Harish Pathangay
> Date: Sun, 10 Nov 2013 11:55:52 +0100 > From: [email protected] > To: [email protected]; [email protected] > Subject: Re: How to say not to use a particular objectClass for a dn > > Harishkumar Pathangay wrote: > > Hi,How to say not to use a particular objectClass for a dn. > > For example,harish@openSUSE:~> ldapsearch -x -b 'dc=my-domain,dc=com' > > '(objectclass=*)' # extended LDIF## LDAPv3# base <dc=my-domain,dc=com> with > > scope subtree# filter: (objectclass=*)# requesting: ALL# > > # my-domain.comdn: dc=my-domain,dc=comobjectClass: dcObjectobjectClass: > > organizationdc: my-domaino: Example Corporation > > # Manager, my-domain.comdn: cn=Manager,dc=my-domain,dc=comobjectClass: > > organizationalRolecn: Managerdescription: Directory Manager > > # search resultsearch: 2result: 0 Success > > Here, we see that dn: dc=my-domain,dc=com uses objectClass: organizationI > > want to say not to use objectClass: organization. > > How to do this? > > You probably want to have DIT structure rules which are (unfortunately) not > implemented by OpenLDAP yet. > > It's possible to work-around this with ACLs: > http://www.openldap.org/faq/data/cache/1474.html > > A schema-aware client cannot detect the custom ACLs though. > > Ciao, Michael. > >
