[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Fwd: LDAP backend
>
> I have made some changes the the LDAP backend that might be useful to
> others. The idea is to map attribute names and objectclasses from
> the foreign server to different values on the local slapd. The
> reason is that some attributes might not be part of the local slapd's
> schema, some attribute names might be different but serve the same
> purpose, etc. The ldap backend understands a new "map" config
> statement:
>
> map {attribute | objectclass} {<local name> | *} [<foreign name> | *]
>
> For example, Active Directory uses the objectclass "group", where
> slapd might use "groupOfNames". So you'd have a mapping line like
> this:
>
> map objectclass groupOfNames group
>
> Or, you might be interested in presenting a limited attribute set
> from the foreign server, for example:
>
> map attribute cn *
> map attribute sn *
> map attribute manager *
> map attribute description *
> map attribute *
>
> These lines map cn, sn, manager, and description to themselves, and
> any other attribute gets "removed" from the object before it is sent
> to the client (or sent up to the LDAP server). This is obviously a
> simplistic example, but you get the point.
>
I think I do get the point, and it definitely sounds interesting to me.
I think the power of this backend can be tremendous, and in my company's
plans it might become the backbone of a meta-directory project I'm working on.
> If no maps are defined, the behavior is just like it is now.
>
> So, is this of general interest? Pierangelo, do you want to finish
> your recent changes before I commit?
Well', I'm not a developer, at present, so you'd rather ask Howard or Kurt.
Anyway, in my opinion, you should definitely submit a snapshot; I don't
think it is going to conflict with my proposed patches because we're
working on different parts of the code in the repositoryi, I guess.
In case both patches are accepted, we could synchronize if needed.
Pierangelo Masarati