subtreeSpecification
A subtree specification provides a way to describe a subset of entries in a subtree of the DIT. A subtree begins at a base entry and includes the subordinates of that entry to an optionally specified lower boundary, possibly including leaf entries.
The following example uses a subtree specification to apply privileges
to Directory Administrators group members
under ou=people (relative to the parent of the subentry).
In other words, this sample applies to entries
under ou=people,dc=example,dc=com:
dn: cn=Administrator Privileges,dc=example,dc=com
objectClass: collectiveAttributeSubentry
objectClass: extensibleObject
objectClass: subentry
objectClass: top
cn: Administrator Privileges
ds-privilege-name;collective: config-read
ds-privilege-name;collective: config-write
ds-privilege-name;collective: ldif-export
ds-privilege-name;collective: modify-acl
ds-privilege-name;collective: password-reset
ds-privilege-name;collective: proxied-auth
subtreeSpecification: {base "ou=people", specificationFilter
"(isMemberOf=cn=Directory Administrators,ou=Groups,dc=example,dc=com)" }
Notice that the subentry where this operational attribute occurs sets the context that implicitly defines the bounds of the subtree.
Single value |
true |
Origin |
|
Usage |
directoryOperation |
Ordering matching rule |
|
OID |
2.5.18.6 |
User modification allowed |
true |
Schema file |
00-core.ldif |
Names |
subtreeSpecification |
Used by |
inheritedCollectiveAttributeSubentry, inheritedFromDNCollectiveAttributeSubentry, inheritedFromRDNCollectiveAttributeSubentry, subentry |
Syntax |
|
Equality matching rule |