subtreeSpecification
A subtree specification provides a way to describe
a subset of entries in a subtree of the DIT.
A subtree begins at a base entry
and includes the subordinates of that entry to
an optionally specified lower boundary, possibly including leaf entries.
The following example uses a subtree specification to apply privileges
to Directory Administrators group members
under ou=people (relative to the parent of the subentry).
In other words, this sample applies to entries
under ou=people,dc=example,dc=com:
dn: cn=Administrator Privileges,dc=example,dc=com
objectClass: collectiveAttributeSubentry
objectClass: extensibleObject
objectClass: subentry
objectClass: top
cn: Administrator Privileges
ds-privilege-name;collective: config-read
ds-privilege-name;collective: config-write
ds-privilege-name;collective: ldif-export
ds-privilege-name;collective: modify-acl
ds-privilege-name;collective: password-reset
ds-privilege-name;collective: proxied-auth
subtreeSpecification: {base "ou=people", specificationFilter
"(isMemberOf=cn=Directory Administrators,ou=Groups,dc=example,dc=com)" }
Notice that the subentry where this operational attribute occurs
sets the context that implicitly defines the bounds of the subtree.
Origin |
|
Usage |
directoryOperation |
OID |
2.5.18.6 |
Equality Matching Rule |
|
Single Value |
true |
Names |
subtreeSpecification |
Ordering Matching Rule |
|
User Modification Allowed |
true |
Used By |
inheritedCollectiveAttributeSubentry, inheritedFromDNCollectiveAttributeSubentry, inheritedFromRDNCollectiveAttributeSubentry, subentry |
Schema File |
00-core.ldif |
Syntax |