
adding remote attribute to entry



Hi!

There are two directories: 1. o=inside 2. o=outside

Inside there are the local entries, i.e. for persons

dn: employeenumber=1,ou=people,o=inside
mail: user@inside
...

Outside is the CA's directory. The user's certificate is there under a DN with the mail address in it.

dn: mail=user@inside,ou=foo,o=outside
usercertificate:: xxxxxxxxx
...


Now the CA's usercertificate must appear in the user's entry:

dn: employeenumber=1,ou=people,o=inside
mail: user@inside
usercertificate:: xxxxxxxxx
...


But: Outside directories can only be reached by an ldap proxy.
So there is a third server working as a proxy with ldap-meta backend.
By now I can manually search for certificates, which are 'suffixmassage'd into ou=ca,o=outside.


dn: mail=user@inside,ou=ca,o=inside
mail: user@inside
usercertificate:: xxxxxxxxx
...

As far as I understand, slapo-translucent could add the usercertificate attribute to the user's entry.
But how to tell slapo-translucent to search by attribute mail to find the corresponding entry in (ou=ca,o=inside or) o=outside?
Can / must this be done with slapo-rwm?


I can guess the outside DN from the user's mail attribute. (But not vice versa; I can only search for the inside entry by attribute mail.) So I know what entry I want / what to search for. But does this help me? [uri filter?]

client:
search for certificate of employee #1
|
|
--search-->

     inside:                                           outside:
dn: employeenumber=1,ou=people,o=inside
mail: user@inside                        --search--> mail: user@inside
...                                      <--return-- usercertificate::
                                                              xxxxxxxxx
|
|
--return-->       dn: employeenumber=1,ou=people,o=inside
                  mail: user@inside
                  usercertificate:: xxxxxxxxx
                  ...




Hans
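
The lookup drawn in the diagram above, done on the client side, as an added example that is not part of the original post and is not an OpenLDAP overlay configuration: it builds the CA-side DN from the inside entry's mail value with RFC 4514 escaping, so a mail value containing `,` or `+` cannot change the DN's structure, then merges usercertificate into a copy of the inside entry. The function names, the dict-based directories and the sample certificate bytes are assumptions constructed for the illustration; the DN layout is the one given in the post.

```python
# Added example; both directories are constructed in-memory stand-ins.
RFC4514_SPECIAL = set('"+,;<>\\')

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in RFC4514_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def outside_dn(mail):
    """Build the CA-side DN from a mail value (layout taken from the post)."""
    return "mail=" + escape_rdn_value(mail) + ",ou=foo,o=outside"

def merge_certificate(inside_entry, outside_dir):
    """Return a copy of the inside entry with usercertificate added when found."""
    merged = {k: list(v) for k, v in inside_entry.items()}
    for mail in inside_entry.get("mail", []):
        # Simplification: DN comparison is approximated by lowercasing.
        remote = outside_dir.get(outside_dn(mail).lower())
        if remote and remote.get("usercertificate"):
            merged["usercertificate"] = list(remote["usercertificate"])
            break
    return merged

# Constructed sample data mirroring the entries in the post.
INSIDE_ENTRY = {"employeenumber": ["1"], "mail": ["user@inside"]}
OUTSIDE_DIR = {
    "mail=user@inside,ou=foo,o=outside": {
        "mail": ["user@inside"],
        "usercertificate": [b"constructed-certificate-bytes"],
    },
}

if __name__ == "__main__":
    print(merge_certificate(INSIDE_ENTRY, OUTSIDE_DIR))
    print(outside_dn("x,ou=ca@inside"))
```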