FDS does not support this. There has been some work done in this area though, and it can easily be supported via a plugin. There are two example plug-ins included with the source code - http://cvs.fedora.redhat.com/lxr/dirsec/source/ldapserver/ldap/servers/slapd/test-plugins/ - the testdatainterop and testdbinterop plugins. These implement the capability to intercept search requests directed at the 'null suffix' "". Ideally, one would be able to configure the mapping tree (see the example code) and specify a list of suffixes to which access is allowed from a onelevel or subtree search from the "" suffix - you probably want searches to go into dc=yourdomain,dc=tld but not cn=schema or cn=config. This would also allow for "global" inheritance - setting ACIs, groups, roles, etc. at the top level and having them apply to all suffixes. Kevin Myer wrote: >On initial configuration and later in the management console, you specify or use >a "User directory subtree". For a single organization, this may be easy to >setup, but for ourselves, we manage directory entries for a variety of >.k12.pa.us, .org, and .net domains. So whats the best way of creating a view >that encompasses all of those? Is it possible to use a blank subtree, so that >when I search for a user from within the management application, I can find >them all, regardless of the domain components used? Or are there better ways >to handle this? > >Thanks, >Kevin > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20050728/3b42b817/attachment.bin
