[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using openldap as a translation layer.

To: "Pierangelo Masarati" <ando@sys-net.it>
Subject: Re: using openldap as a translation layer.
From: "S James S Stapleton" <stapleton.41@osu.edu>
Date: Thu, 17 May 2007 14:47:41 -0400
Cc: openldap-software@openldap.org
References: <001d01c7989c$15a76300$1df39280@oitlan.oit.ohiostate.edu> <464C8BC5.4080602@sys-net.it>

Mine would definetly be the second method you described (I don't know what hte main LDAP server is running, and I can't touch its settings even if I knew)

Thes given instructions (copied below) go in the slapd.config, and everything else therein is removed?

Thanks,
-Jim Stapleton

database ldap
suffix "dc=mydomain,dc=tld"
uri "ldap://the.real.server/";
In either case, after all database specific directives you need to add

overlay rwm
# turn on rewriting (set to "off" to temporarily disable)
rwm-rewriteEngine on
# LDAP map that looks up the real DN for binds; add options as needed
# (see slapo-rwm(5) for details)
rwm-rewriteMap
ldap
"realBindDNLookup"
"ldap://server/ou=People,dc=mydomain,dc=tld?entryDN?sub";
# The actual bind DN rewrite rules
rwm-rewriteContext bindDN
# extract the username from the incorrect DN, and try to use it
# as mailbox in a lookup filter "(mail=<mailbox>@domain)" to
# fetch the corresponding DN
rwm-rewriteRule
"^uid=([^,]+),ou=People,dc=mydomain,dc=tld$"
"${realBindDNLookup(mail=$1@mydomain.tld)}" ":@I"
# if the lookup fails, the error is ignored, and thus
# the original DN is used.

Follow-Ups:
- Re: using openldap as a translation layer.
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- using openldap as a translation layer.
  - From: "S James S Stapleton" <stapleton.41@osu.edu>
- Re: using openldap as a translation layer.
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: [Rivendell] idassert-bind not working as expected?
Next by Date: Re: using openldap as a translation layer.
Index(es):
- Chronological
- Thread