<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 07/09/2013 10:07 PM, Mark Reynolds
      wrote:<br>
    </div>
    <blockquote cite="mid:51DC6D9C.3030406@redhat.com" type="cite">
      Hi Andy,<br>
      <br>
      What exactly do you mean by "restrict the number of users/groups"?&nbsp; Like a
      size limit, or do you want to restrict particular users/groups that
      the client can see?<br>
      <br>
      If you want to restrict particular entries then you should use
      access control - as long as your client is not binding as the root
      DN (cn=directory manager):<br>
      <br>
      <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Access_Control.html">https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Access_Control.html</a><br>
    </blockquote>
    <br>
    <br>
    Andy,<br>
    <br>
    I would use "Views" to do so. They are comparable to a filter
    (without specifying it on the client) but mandatory to authenticate
    (as you would like to limit the base of what they can see). Therefore
    you would add some unique identification for your objects (e.g.
    nsrole: cn=myApplicationName,dc=example,dc=com; of course you can
    have multiple ones),<br>
    then you create an object like<br>
    <br>
    dn: ou=MyView,dc=example,dc=com<br>
    objectClass: top<br>
    objectClass: nsview<br>
    objectClass: organizationalUnit<br>
    ou: MyView<br>
    nsviewfilter: (nsrole=cn=myApplication,...) <br>
    <br>
    and restrict the DNs your clients use when authenticating against your
    Directory to this view only ... <br>
    <br>
<a class="moz-txt-link-freetext" href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/using-views.html">https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/using-views.html</a><br>
    <br>
    regards<br>
    mIke<br>
    <br>
    <br>
    <blockquote cite="mid:51DC6D9C.3030406@redhat.com" type="cite"> <br>
      Regards,<br>
      Mark<br>
      <br>
      <div class="moz-cite-prefix">On 07/08/2013 06:43 PM, Andy Spooner
        wrote:<br>
      </div>
      <blockquote
cite="mid:b9410c6164d947f2b94f01aafdd9408e@DB3PR05MB012.eurprd05.prod.outlook.com"
        type="cite">
        <div class="WordSection1">
          <p class="MsoNormal">How do I restrict the number of groups or
            users that an application/service can see?</p>
          <p class="MsoNormal">I have an application that authenticates
            against 389. I want to restrict the groups that are
            available to the application.</p>
          <p class="MsoNormal">Regards</p>
          <p class="MsoNormal">Andy</p>
          <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
          <p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;mso-fareast-language:EN-GB"
                lang="EN-US">The contents of this email are strictly
                confidential to the intended recipient(s).&nbsp; If received
                in error you may not copy or distribute this message and
                should delete and destroy all copies and kindly notify
                the sender by return email.&nbsp; Emails may be interfered
                with, may contain computer viruses or other defects.&nbsp;
                SHORT FILMS 4 U Limited gives no warranties in relation
                to these matters</span></b><b><span
                style="font-size:9.0pt;font-family:&quot;Arial
                Black&quot;,&quot;sans-serif&quot;;mso-fareast-language:EN-GB"
                lang="EN-US">.</span></b><span
              style="font-family:&quot;Times New
              Roman&quot;,&quot;serif&quot;;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
          <p class="MsoNormal"><span style="mso-fareast-language:EN-GB"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span style="mso-fareast-language:EN-GB"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        </div>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">--
389 users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
      </blockquote>
      <br>
      <pre class="moz-signature" cols="72">-- 
Mark Reynolds
Red Hat, Inc
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:mreynolds@redhat.com">mreynolds@redhat.com</a></pre>
      <br>
    </blockquote>
    <br>
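    <br>
    Added example, not part of the original thread: one way to apply the
    access-control approach suggested above is an ACI on the groups
    container that lets the application's bind DN read only the groups
    matching a filter. The bind DN uid=myapp,ou=Services,dc=example,dc=com,
    the container ou=Groups,dc=example,dc=com and the myapp-* naming
    convention are assumptions made for illustration.<br>
<pre>
```ldif
# Constructed example: the DNs, the group naming convention and the ACL
# name are hypothetical. Apply with ldapmodify while bound as an
# administrative user.
#
# Lines beginning with a single space are LDIF continuation lines; the
# folded pieces are joined without any separator, so the ACI below is
# one attribute value. A second leading space is a literal space.
#
# The ACI grants read, search and compare on a small attribute set, and
# only for group entries under ou=Groups whose cn starts with "myapp-".
dn: ou=Groups,dc=example,dc=com
changetype: modify
add: aci
aci: (target="ldap:///ou=Groups,dc=example,dc=com")
 (targetfilter="(cn=myapp-*)")
 (targetattr="cn || member || objectClass")
 (version 3.0; acl "myapp can read only its own groups";
  allow (read,search,compare)
  userdn="ldap:///uid=myapp,ou=Services,dc=example,dc=com";)
```
</pre>
    Allow ACIs are additive, so any broader read ACI that also covers
    ou=Groups (for example one granting read to anonymous or to all
    authenticated users) still exposes the other groups and has to be
    narrowed or removed. Bind as the application's DN and search
    ou=Groups to confirm that only the intended entries come back.<br>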
  </body>
</html>