[Date Prev][Date Next] [Chronological] [Thread] [Top]

Virtual view using slapd-relay: dn mapping failure



Hello list.

I'm trying to provide a virtual view of the user branch in my legacy ldap directory. Basically, the real branch uses 'localLogin' as login attribute, and not 'uid', as usual, which unfortunatly breaks hard-coded rules in some applications.

This configuration creates a virtual 'ou=users' branch, mapped on actual 'ou=people', with real 'localLogin' attribute mapped to 'uid', and real 'uid' one removed:

# virtual database

database          relay
suffix            ou=users,dc=domain
relay             ou=people,dc=domain
overlay           rwm
rwm-suffixmassage ou=people,dc=domain
rwm-map attribute uid localLogin
rwm-map attribute uid

access to dn.subtree="ou=users,dc=domain" attrs=userPassword
    by anonymous auth

access to dn.subtree="ou=users,dc=domain"
    by * read

# main database
database        bdb
suffix          "dc=domain"

However, the actual 'uid' attribute is also used as RDN in the actual branch, and bind operation fails, because DN mapping is incomplete:
uid=rousse,ou=users,dc=domain -> uid=rousse,ou=people,dc=domain

Wheras I'd need this, where somethingelse is the value for the actual 'uid' attribute:
uid=rousse,ou=users,dc=domain -> uid=somethingelse,ou=people,dc=domain

I read rwm man page carefully, but it is a bit tough to understand. So, how am I supposed to achieve this ?

--
BOFH excuse #219:

Recursivity.  Call back if it happens again.