So to treat it another way, could I have a fake DIT that is used to return massaged data? In other words, instead worrying about the binddn or the requestor at all, have a cn=accounts-2 and when a request is made from cn=accounts-2, have OpenLDAP look up the entry in cn=accounts and then do some regex or other alterations before returning the entry? -- DK On Wed, 2005-07-20 at 10:52, Pierangelo Masarati wrote: > Howard Chu wrote: > > > Pierangelo Masarati wrote: > > > >> > >> To answer Quanah's question, I think your ITS, as answered by Kurt, > >> is now entirely fulfilled by 2.3 code, by using back-relay and > >> slapo-rwm; the only thing it doesn't allow is to use the requested > >> name instead of the canonical one, e.g. returning "userid" instead of > >> "uid" when "userid" is requested (this was a long debated question; I > >> see the issue and I agree with the common answer that the current > >> behavior is preferable; for those that still wish this to be > >> possible, the answer is that it cannot be done with an overlay, so > >> there's very little chance that it will ever be possible with > >> OpenLDAP, except by hacking the code). > > > > Well, it can be done, but you need to duplicate each entry before > > being returned, and generate new AttributeDescriptions corresponding > > to the desired attributes... > > I would do this way: in the frontend, since we're keeping the requested > names in the array of AttributeName's, just use that value instead of > AttributeDescription.ad_cname, if applicable. It implies some overhead, > and may be unclean for other reasons (e.g. need to consider "*", "+", > "@<objectClass>" and so), but it would do the trick. Unfortunately, > there's no chance we can get to that point with any type of layer > (overlays, slapi, whatever). Unless we consider the opportunity of > having a layer __before__ decoding and __after__encoding. This would > allow, for instance, to implement the non-standard, protocol-violating > extension of ITS#3193 (ranges) without hacking the baseline code. > > p. > > > SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497 -- Digant C Kasundra Enterprise Operations and Systems Office of Information Technology University of Texas at Arlington Ph: 817-272-2208 GnuPG Public Key: http://omega.uta.edu/~digant/digant.gpg.asc To request technical support, please contact our computing Help Desk at 817-272-2208, e-mail helpdesk@uta.edu or create a work order at https://eservices.uta.edu/oitforms/workorder.html
Attachment:
signature.asc
Description: This is a digitally signed message part