[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap rewrite 2307 group attribute

To: Tyson Lambert <tj.lambert@gmail.com>
Subject: Re: openldap rewrite 2307 group attribute
From: Pierangelo Masarati <ando@sys-net.it>
Date: Wed, 08 Dec 2004 17:13:37 +0100
Cc: openldap-software@OpenLDAP.org
References: <60ff47960412071712321475f@mail.gmail.com> <41B6A1D9.6090702@symas.com> <60ff4796041207233213eeb554@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Tyson Lambert wrote:

Meanwhile.. how would one hypothetically do this with a rewrite?

You can't. By design, only DN-valued attributes can be rewritten (it's a long story, but the sense is that you shouldn't change the meaning, but only the format of values; for instance, the naming context). So, to allow rewriting, both the remote and the local attributes must be DN-valued. And what you want to obtain in the end is not goung to be a valid DN, so don't even think that hacking the schema would help. Of course you can hack back-ldap where it maps attributeTypes, and make it alter the value as well based on your own rules, or, if you're using 2.2, you can write a dedicated overlay; that's what overlays are for, non-standard things.

p.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- openldap rewrite 2307 group attribute
  - From: Tyson Lambert <tj.lambert@gmail.com>
- Re: openldap rewrite 2307 group attribute
  - From: Howard Chu <hyc@symas.com>
- Re: openldap rewrite 2307 group attribute
  - From: Tyson Lambert <tj.lambert@gmail.com>

Prev by Date: Re: cn=Monitor Ok, but no data (/values) ?
Next by Date: Re: Replication problem with slurpd
Index(es):
- Chronological
- Thread