btb@bitrate.net wrote: > On Apr 21, 2012, at 14.12, Michael Ströder wrote: >> But you could at least enforce that attribute values match according to what >> you've subscribed above with a set-based constraint to avoid having false user >> input in your data. > > oh, that sounds interesting. if nothing else, it would be a step in that > direction. with slapo-constraint, presumably? i've only used it for basic > constraints, but i'll go have another read through man 5 slapo-constraint > and do some experimenting. Yes, with slapo-constraint. Examples (lines partially wrapped): # cn has to be composed of givenName, space, sn constraint_attribute cn,sn,givenName set "(this/givenName + [ ] + this/sn) & this/cn" restrict="ldap:///ou=People,dc=domain??sub?(objectClass=person)" # homeDirectory has to be composed like /home/uid constraint_attribute uid,homeDirectory set "([/home/] + this/uid) & this/homeDirectory" restrict="ldap:///ou=People,dc=domain??sub?(objectClass=posixAccount)" Another option would be to add some external custom code with slapo-sock where an external process listens on a Unix domain socket. >> For auto-generating values you could customize your LDAP administration UI. >> Which one are you using? > > for day to day management tasks, apache directory studio. Doesn't it have a plugin API? I've implemented something like this in my web2ldap with a custom attribute plugin class which suggests an input value based on different input. Not much work but one extra click needed though because up to now web2ldap does not have a post-process plugin API for the whole entry. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature