[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: need an overlay for rewriting attribute values

To: Thomas Wunder <thomas.wunder@swt-bamberg.de>
Subject: Re: need an overlay for rewriting attribute values
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 14 Jul 2010 13:20:05 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <4C3C9878.6020805@symas.com>
References: <201007131410.26051.thomas.wunder@swt-bamberg.de> <4C3C9878.6020805@symas.com>

Howard Chu writes:
>Thomas Wunder wrote:
>> The whole thing is needed because slapo-autogroup puts in full DNs as
>> attribute values but my client programs (e.g. nss-ldapd) expect only
>> a plain username to be there. In practical this means that I need to
>> have that overlay to split the values of a particular type of
>> attribute (like 'memberUid') and extract a particular part of it.
> 
> You're misusing the schema here. The memberUid attribute is only for simple 
> user IDs, not DNs.

...so you should put DNs in the 'member' attribute like the autogroup
doc says.  And you could write an overlay which inspects 'member' and
creates a 'memberUid' attribute.  If you take that route, look at
overlay usn in contrib/slapd-modules/ for a "template" if you want
memberUid to be maintained when member is updated, or allop or
overlays/dynlist if you want the attributes to be generated dynamically
for searches.  The latter means member and memberUid will guaranteed be
in sync, but some operations won't see memberUid - e.g. like filtering
for a memberUid, depending on how thoroughly you implement it.

-- 
Hallvard

References:
- need an overlay for rewriting attribute values
  - From: Thomas Wunder <thomas.wunder@swt-bamberg.de>
- Re: need an overlay for rewriting attribute values
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: slapd goes down
Next by Date: openldap 2.4.22 crash
Index(es):
- Chronological
- Thread