I am setting up Oracle OUD for the first time and am learning how to implement entry and attribute security in OUD. I am running the Linux 64 v2.0.0.v20150606-M9 version of Apache Directory Studio.

My OUD DIT structure is similar to:

dc=acme,dc=com
      cn=Groups
      cn=Users
            ou=Employees
            ou=Contractors
            ou=Customers

If I place an ACL on "dc=acme,dc=com":

aci: (target = "ldap:///dc=acme,dc=com";)(targetattr = "* || +")(targetscope = "onelevel") (version 3.0; acl "sample"; allow (search,read,compare) userdn = "ldap:///all";;)

...note that I'm setting the scope on the ACI to onelevel (not base or sub). In Apache Directory Studio I have a connection profile for one of the user entries in the ou=Employees container, and when Apache Directory Studio returns results after I successfully bind, it only displays the ROOTDSE.

Here's the interesting thing. If I do the following ldapsearch (using ldapsearch from OpenLDAP 2.4.40):

ldapsearch -x -LLL -h 10.0.0.100 -p 389 -b dc=acme,dc=com -D cn=test-01,ou=customers,cn=users,dc=acme,dc=com -W "(objectclass=*)"

...I get back the following, which is what I understand from the OUD Admin guide I should get back:

dn: cn=Users,dc=acme,dc=com
cn: Users
objectClass: orclContainer
objectClass: top

dn: cn=Groups,dc=acme,dc=com
cn: Groups
objectClass: orclContainer
objectClass: top


For the ldapsearch command, when no -b (base) or -s (scope) is provided, the search is performed from the ROOTDSE with a sub scope.

Why are my results different when using Apache Directory Studio?

--
D o n
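
Added example, not part of the original post and not OUD code: a small model of which entries in the DIT above an ACI placed on dc=acme,dc=com covers for each targetscope value. It assumes the scope semantics given in the OUD documentation (base: target entry only; onelevel: immediate children; subtree: target and all descendants; subordinate: descendants only) and ignores every other ACI on the server; the function names are hypothetical.

```python
# Constructed model of ACI targetscope matching; not OUD's implementation.

def rdns(dn):
    """Split a DN into lower-cased RDNs (sample DNs contain no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def depth_below(target, entry):
    """Number of levels entry sits below target, or None if outside its subtree."""
    t, e = rdns(target), rdns(entry)
    if len(e) < len(t) or e[len(e) - len(t):] != t:
        return None
    return len(e) - len(t)

# Assumed scope semantics, expressed as a test on the depth below the target.
SCOPES = {
    "base": lambda d: d == 0,
    "onelevel": lambda d: d == 1,
    "subtree": lambda d: d >= 0,
    "subordinate": lambda d: d >= 1,
}

def aci_covers(target, scope, entry):
    """True if an ACI on target with this targetscope applies to entry."""
    d = depth_below(target, entry)
    return d is not None and SCOPES[scope](d)

def visible(target, scope, entries):
    """Entries the ACI grants access to, in DIT order."""
    return [dn for dn in entries if aci_covers(target, scope, dn)]

# DIT from the post, plus the bind DN used in the ldapsearch command.
DIT = [
    "dc=acme,dc=com",
    "cn=Groups,dc=acme,dc=com",
    "cn=Users,dc=acme,dc=com",
    "ou=Employees,cn=Users,dc=acme,dc=com",
    "ou=Contractors,cn=Users,dc=acme,dc=com",
    "ou=Customers,cn=Users,dc=acme,dc=com",
    "cn=test-01,ou=customers,cn=users,dc=acme,dc=com",
]
TARGET = "dc=acme,dc=com"

if __name__ == "__main__":
    for scope in SCOPES:
        print(f"{scope:12}", visible(TARGET, scope, DIT))
```

With onelevel, the model covers only cn=Groups and cn=Users, the same two entries the ldapsearch above returned; dc=acme,dc=com itself and everything below cn=Users fall outside the ACI.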
