openldap rewrite 2307 group attribute
- To: openldap-software@OpenLDAP.org
- Subject: openldap rewrite 2307 group attribute
- From: Tyson Lambert <tj.lambert@gmail.com>
- Date: Tue, 7 Dec 2004 17:12:48 -0800
Hello,
I'm trying to translate an attribute in active directory to one I can
use with my unix boxen. Right now I'm using attribute mappings in
much the same fashion as padl's nss_ldap module which is working great
except for the posix group attribute. My AD server stores unix groups
like so in an object class
Group:
msSFU30PosixMember=CN=nixuser,CN=Users,DC=circus,DC=test,DC=com
msSFU30PosixMember=CN=nixuser2,CN=Users,DC=circus,DC=test,DC=com
msSFU30PosixMember=CN=turkey,CN=Users,DC=circus,DC=test,DC=com
What I need is:
posixGroup:
memberuid=nixuser
memberuid=nixuser2
memberuid=turkey
With an attribute map from msSFU30PosixMember to memberuid I get this
using getent group:
nixtest:x:900:CN=turkey,CN=Users,DC=circus,DC=test,DC=com,CN=nixuser,CN=Users,DC=circus,DC=test,DC=com,nixuser2,CN=Users,DC=circus,DC=test,DC=com
and what I'm looking for obviously is:
nixtest:x:900:turkey,nixuser,nixuser2
Can someone point me in the right direction for a rewrite rule that
can strip the DN off of user names? I haven't quite figured out how
to make a rule specific to just one type of attribute.
Here is the rest of my configuration file. Other than the secondary
groups it's working between active directory and aix, hpux, solaris
and linux pretty well:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/ad.schema
database ldap
# URI for our ADSI server
uri "ldap://ringmaster.circus.burlingame.ibm.com/"
lastmod off
rewriteEngine on
# back-ldap
suffix "dc=tent,dc=burlingame,dc=ibm,dc=com"
# this isn't essential in my set up
suffixmassage "dc=tent,dc=burlingame,dc=ibm,dc=com" "CN=Users,DC=circus,DC=burlingame,DC=ibm,DC=com"
map objectclass posixAccount User
map objectclass posixGroup Group
map objectclass shadowAccount organizationalPerson
map attribute uid msSFU30Name
map attribute uidNumber msSFU30UidNumber
map attribute gidNumber msSFU30GidNumber
map attribute cn sAMAccountName
map attribute memberuid msSFU30PosixMember
map attribute userPassword msSFU30Password
map attribute homeDirectory msSFU30HomeDirectory
map attribute loginShell msSFU30LoginShell
map attribute gecos name
map attribute shadowflag msSFU30ShadowFlag
Thanks!
-ty
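Added example, not part of the post and not OpenLDAP code: a small Python routine that does the "strip the DN off the user name" step the post asks for, on the member values shown above. It parses the leftmost RDN with RFC 2253 escaping (so a comma inside a CN does not split the DN the way the broken getent output above shows) and only accepts results that are valid POSIX login names. It assumes the CN of each member DN is the user's login name, which holds for the entries in the post but is not guaranteed in general (msSFU30Name may differ from the CN).

```python
import re

# Constructed sample input: the msSFU30PosixMember values from the group in
# the post, plus one extra DN whose CN contains an escaped comma.
MEMBER_DNS = [
    "CN=turkey,CN=Users,DC=circus,DC=test,DC=com",
    "CN=nixuser,CN=Users,DC=circus,DC=test,DC=com",
    "CN=nixuser2,CN=Users,DC=circus,DC=test,DC=com",
    r"CN=Doe\, Jane,CN=Users,DC=circus,DC=test,DC=com",  # constructed
]

# Portable POSIX login name: lowercase letters, digits, '_' and '-'.
POSIX_NAME = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")

def cn_of(dn):
    """Return the unescaped value of the leftmost RDN, which must be a CN.
    Commas escaped as '\\,' or '\\2c' (RFC 2253) do not end the RDN, so a
    naive split on ',' is avoided."""
    eq = dn.find("=")
    if eq < 0 or dn[:eq].strip().lower() != "cn":
        raise ValueError("leftmost RDN is not a CN: %r" % dn)
    out, i = [], eq + 1
    while i < len(dn) and dn[i] != ",":
        if dn[i] == "\\" and i + 1 < len(dn):
            hexpair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", hexpair):
                out.append(chr(int(hexpair, 16)))  # \2c style escape
                i += 3
            else:
                out.append(dn[i + 1])  # \, style escape
                i += 2
        else:
            out.append(dn[i])
            i += 1
    return "".join(out)

def to_member_uids(dns):
    """Map member DNs to memberUid values. Returns (uids, rejected): a DN whose
    leftmost RDN is not a CN, or whose CN is not a valid login name, is
    rejected instead of being emitted as a bogus group member."""
    uids, rejected = [], []
    for dn in dns:
        try:
            name = cn_of(dn)
        except ValueError:
            rejected.append(dn)
            continue
        (uids if POSIX_NAME.match(name) else rejected).append(
            name if POSIX_NAME.match(name) else dn)
    return uids, rejected

def getent_line(cn, gid, uids):
    """Render the group the way 'getent group' prints it."""
    return "%s:x:%s:%s" % (cn, gid, ",".join(uids))
```

Rejected DNs are returned rather than dropped silently so the mismatch between a group's member list and the generated memberUid values can be logged and reviewed.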