ldapldap-queryapache-ranger
LDAP limit user search on specific OUs
I have been wondering whether it is possible to limit OUs in search base. This is how my hierarchy looks like:
Now, my search base is: dc=prod,dc=prod,dc=co
Is there possibility to limit user search only to these:
- OU=PROD,OU=SYS
- OU=PROD,OU=Int
- OU=UNIX
I'm a noob in this area, would be really welcome if someone could help.
Not sure if it is possible to use userSearchBase for multiple OUs (so far I understood that it is not possible, although for sssd I saw example which works) I think some user search filter might do it but wasn't really successful unfortunately
Solution
Yes, you can limit the search base to multiple or single OU's.
Ranger does accept multiple search bases, for example:-
OU=PROD,OU=SYS,dc=prod,dc=prod,dc=co;OU=PROD,OU=Int,dc=prod,dc=prod,dc;OU=UNIX,dc=prod,dc=prod,dc=co
Few thing to note, it has to be separated by ";" and it needs full path including "dc" values.
- ArgoCD LDAP : RBAC using LDAP is not working (Not assigning the policies)
- How to make an existing structural objectClass auxiliary?
- How do I restrict Apache/SVN access to specific users (LDAP/file-based authentication)?
- LDAP- adding new attribute schema using ldapmodify
- Cannot retrive objectName from searchEntry when I update ldapjs to v3
- Why am I getting 'System.__ComObject' from my LDAP property?
- C# Cannot connect to AD using LDAPS
- ldap_mod_replace returns true but password does not change
- Jenkins administratively disabled user in LDAP causing false negatives
- Is context need to be closed explicity in LDAP connection pooling
- Authentication fails after enabling RequireGroup in openvpn-auth-ldap.so
- Python 3.5, ldap3 and modify_password()
- Reset Active Directory password using Python and ldap3
- memberof and refint does not work in openLdap
- Retrieving User Information from LDAP Active Directory Server with Node.js using ldapjs package
- How do a LDAP search/authenticate against this LDAP in Java
- Enumerate all users including SIDs
- Web-based LDAP Browser
- kinit: Preauthentication failed while getting initial credentials
- C# OpenLDAP Error: unicodePwd: attribute type undefined
- Why do POST requests not work using Spnego/Kerberos authentication with Spring Security Kerberos?
- python-ldap creating a group returns "already exists" (in an empty OU and non existent sAMAccountName)
- NiFi 1.25 error when trying to connect to LDAP service: ClassCastException: LdapProvider
- Move Object to an OU in Active Directory
- What does samAccountType in groups of Active Directory mean?
- php - ldap_search(): search: operations error
- Combining LDAP Queries is not giving proper results
- Getting groups from LDAP to django
- How we can directly use kerberos ldap service ticket to authenticate with ldap and form the LDAP context
- Rmiregistry vs LDAP