[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Changing a dog into a tree with back-ldap

To: <chris.nicol@evidian.com>
Subject: Re: Changing a dog into a tree with back-ldap
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Mon, 27 Jan 2003 15:55:29 +0100 (CET)
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <21ba01c2c60a$ef9de430$3d16b681@naxos>
References: <21ba01c2c60a$ef9de430$3d16b681@naxos>

> Hi all,
>
> As this seems to have got a bit long, I'll put the main
> questions at the top (they all refer to back-ldap):
>
> Can I change the objectclass of an object when writing?
No; you may consider it a bug, or a not-implemented-yet feature;
it can be added very easily.

> Can I strip out objectclass lines with "map objectclass xx"?
In principle, yes; I note that a

objectClass:

line (empty value) remains; this is a bug I'll fix in a minute.

> Can the rewrite engine change the dn, object classes or attribute types?
The DN and the DN-valued attrs in search base, filters and results;
nearly everything in a search filter (provided you can match it with
a regular expression); every DN in every operation involving a DN.

> Does the rewrite engine work as well with Chinese characters as with
> latin?
Never tried; actually, all the regex-ing would deal with unicode
strings, which might not yield the expected results.

> Is there a better way to transform objects than back-ldap?
If "better" means "more flexible", then any scripting backend
is better than back-ldap (e.g. back-perl, back-tcl, back-shell)
provided you're good at writing callbacks.  If you wish to play
with HEAD code, there's also a rapidly growing support for
backend API "a la Netscape", i.e. SLAPI.  But it needs even more
programming skill and it is not released yet, you have to live
with frequent CVS updates.

>
> End of summary and beginning of long message.
> Thanks for any help,
> Chris Nicol :o)
>
> I'd like to transform objects between client and server, both when
> reading and when writing.  It seems back-ldap can do some (but not all?)
> of the  things I want.  I've read the man page and run a few tests (with
> version  2.1.8).  Any advice on how to make it do what I want would be
> appreciated (including "Start coding at ...").

In back-{ldap,meta}/{add.c,modify.c} there is a place where attribute
types are remapped; if an objectclass attribute type is found, instead
of remapping the type you should attempt to remap the value by using
the objectclass remap info.

>
> If I understand correctly, back-ldap was designed to redirect requests
> to other servers and manipulate dns to make this invisible to the
> client.   However, it can also (or might also be able to):
>
> 1) change attribute names
>
> The "map attribute" directive allows my client to see "attribute1: abc"
> as "attribute2: abc"

correct

>
> It also allows the client to write "attribute2: cde" and have it appear
> in  the target as "attribute1: cde"

not yet.

>
> 2) change object classes
>
> I've got back-ldap to present "objectclass: dog" as "objectclass: cat"
> but it will not write a cat as a dog.  Is this intended, or is it a bug?
>  This is my main problem.

not yet.

>
> 3) remove attributes when reading
>
> back-ldap removes attributes which are not in its schema. Fine.
> You can also specify attributes to remove in slapd.conf.

correct

>
> 4) add attributes when writing
>
> As far as I can tell this is impossible and not intended.

correct

>
> 5) remove objectclasses when reading
>
> I'd like to be able to transform top/animal/dog into top/tree.  This
> would mean changing "dog" or "animal" into "tree" (see 2 above) and
> stripping the other class out.  The man page implies that this is
> possible ("map objectclass animal") but it didn't do what I expected (I
> think I got an object class line with no value).

correct; a bug prevents full removal

>
> 6) add objectclasses when writing
>
> As far as I can tell this is impossible and not intended.

correct

>
> 7) do just about anything to text values
>
> I haven't tested the "rewrite engine" - but I think it's intended only
> for modifying text attribute values.  Can it also manipulate the dn,
> objectclasses or attribute types?  Are there any particular
> considerations  for multi-byte character strings?

not really; the rewrite engine works on virtually ANY DN that is
involved in any operation; It also works on search filters.  Other
rewriting was intentionally disallowed because mucking with values
is "not polite", while mucking with naming contexts and schema
may be viewed as an "administrative task"; however, scripting
backends and, recently, SLAPI, allow administrators to muck with
everything.

Pierangelo.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

Follow-Ups:
- Re: Changing a dog into a tree with back-ldap
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: Changing a dog into a tree with back-ldap
  - From: "Chris Nicol" <chris.nicol@evidian.com>

References:
- Changing a dog into a tree with back-ldap
  - From: "Chris Nicol" <chris.nicol@evidian.com>

Prev by Date: Re: How can I lock a record using php-ldap?
Next by Date: Re: Problem with userCertificate;binary
Index(es):
- Chronological
- Thread