Ideally, one would be able to configure the mapping tree (see the example code) and specify a list of suffixes to which access is allowed from a onelevel or subtree search from the "" suffix - you probably want searches to go into dc=yourdomain,dc=tld but not cn=schema or cn=config. This would also allow for "global" inheritance - setting ACIs, groups, roles, etc. at the top level and having them apply to all suffixes.
Kevin Myer wrote:
On initial configuration and later in the management console, you specify or use a "User directory subtree". For a single organization, this may be easy to setup, but for ourselves, we manage directory entries for a variety of .k12.pa.us, .org, and .net domains. So whats the best way of creating a view that encompasses all of those? Is it possible to use a blank subtree, so that when I search for a user from within the management application, I can find them all, regardless of the domain components used? Or are there better ways to handle this? Thanks, Kevin
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
