adding remote attribute to entry
Hi!
There are two directories: 1. o=inside 2. o=outside
Inside there are the local entries, i.e. for persons
dn: employeenumber=1,ou=people,o=inside
mail: user@inside
...
Outside is the CA's directory. The user's certificate is there under a
DN with the mail address in it.
dn: mail=user@inside,ou=foo,o=outside
usercertificate:: xxxxxxxxx
...
Now CA's usercertificate must appear in the user's entry:
dn: employeenumber=1,ou=people,o=inside
mail: user@inside
usercertificate:: xxxxxxxxx
...
But: Outside directories can only be reached by an ldap proxy.
So there is a third server working as a proxy with ldap-meta backend.
By now I can manually search for certificates, which are
'suffixmassage'd into ou=ca,o=outside.
dn: mail=user@inside,ou=ca,o=inside
mail: user@inside
usercertificate:: xxxxxxxxx
...
As far as I understand, slapo-translucent could add the usercertificate
attribute to user's entry.
But how to tell slapo-translucent to search by attribute mail to find
the corresponding entry in (ou=ca,o=inside or) o=outside?
Can / must this be done with slapo-rwm?
I can guess the outside DN from the user's mail attribute. (But not vice
versa; I can only search for the inside entry by attribute mail.) So I
know what entry I want / what to search for. But does this help me? [uri
filter?]
client:
search for certificate of employee #1
    |
    |
 --search-->
             inside:                                       outside:
             dn: employeenumber=1,ou=people,o=inside
             mail: user@inside              --search-->    mail: user@inside
             ...                            <--return--    usercertificate::
                                                           xxxxxxxxx
    |
    |
 --return--> dn: employeenumber=1,ou=people,o=inside
             mail: user@inside
             usercertificate:: xxxxxxxxx
             ...
Hans
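
The lookup sketched in the diagram, done client-side, as an added example that is not part of the original post and does not configure slapo-translucent or slapo-rwm. The two dictionaries are constructed stand-ins for the directories, the function names are hypothetical, and the mail value is escaped before it is placed in a DN or a filter so that it cannot change either one's structure.

```python
CA_BASE = "ou=ca,o=inside"  # proxy view of the CA tree, as in the post

# Constructed sample data standing in for the two directories.
INSIDE = {"employeenumber=1,ou=people,o=inside": {"mail": ["user@inside"]}}
CA_VIA_PROXY = {
    "mail=user@inside,ou=ca,o=inside": {
        "mail": ["user@inside"],
        "usercertificate": ["xxxxxxxxx"],
    },
}

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = "".join("\\" + c if c in '"+,;<>\\' else c for c in value)
    out = out.replace("\x00", "\\00")
    if out[:1] in (" ", "#"):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def ca_dn_for_mail(mail):
    """Derive the CA entry's DN from a mail value (hypothetical helper)."""
    return "mail=%s,%s" % (escape_dn_value(mail), CA_BASE)

def mail_filter(mail):
    """Build an equality filter on mail, escaped per RFC 4515."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "(mail=%s)" % "".join(special.get(c, c) for c in mail)

def entry_with_certificate(inside_dn):
    """Return a copy of the inside entry with the CA's certificates merged in."""
    entry = {attr: list(vals) for attr, vals in INSIDE[inside_dn].items()}
    certs = []
    for mail in entry.get("mail", []):
        remote = CA_VIA_PROXY.get(ca_dn_for_mail(mail), {})  # base-scope lookup
        certs.extend(remote.get("usercertificate", []))
    if certs:
        entry["usercertificate"] = certs
    return entry

if __name__ == "__main__":
    print(entry_with_certificate("employeenumber=1,ou=people,o=inside"))
    print(ca_dn_for_mail("x,ou=people@inside"))  # the comma is escaped, not a new RDN
    print(mail_filter("*@inside"))               # the asterisk is matched literally
```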