ldapldap-queryapache-ranger

LDAP limit user search on specific OUs


I have been wondering whether it is possible to limit OUs in search base. This is how my hierarchy looks like:

enter image description here

Now, my search base is: dc=prod,dc=prod,dc=co

Is there possibility to limit user search only to these:

I'm a noob in this area, would be really welcome if someone could help.

Not sure if it is possible to use userSearchBase for multiple OUs (so far I understood that it is not possible, although for sssd I saw example which works) I think some user search filter might do it but wasn't really successful unfortunately


Solution

  • Yes, you can limit the search base to multiple or single OU's.

    Ranger does accept multiple search bases, for example:-

    OU=PROD,OU=SYS,dc=prod,dc=prod,dc=co;OU=PROD,OU=Int,dc=prod,dc=prod,dc;OU=UNIX,dc=prod,dc=prod,dc=co
    

    Few thing to note, it has to be separated by ";" and it needs full path including "dc" values.