Virtual view using slapd-relay: dn mapping failure
- To: openldap-technical@openldap.org
- Subject: Virtual view using slapd-relay: dn mapping failure
- From: Guillaume Rousse <guillomovitch@gmail.com>
- Date: Mon, 06 Aug 2012 23:05:19 +0200
Hello list.
I'm trying to provide a virtual view of the user branch in my legacy
LDAP directory. Basically, the real branch uses 'localLogin' as login
attribute, and not 'uid', as usual, which unfortunately breaks hard-coded
rules in some applications.
This configuration creates a virtual 'ou=users' branch, mapped on actual
'ou=people', with real 'localLogin' attribute mapped to 'uid', and real
'uid' one removed:

# virtual database
database relay
suffix ou=users,dc=domain
relay ou=people,dc=domain
overlay rwm
rwm-suffixmassage ou=people,dc=domain
rwm-map attribute uid localLogin
rwm-map attribute uid
access to dn.subtree="ou=users,dc=domain" attrs=userPassword
    by anonymous auth
access to dn.subtree="ou=users,dc=domain"
    by * read

# main database
database bdb
suffix "dc=domain"

However, the actual 'uid' attribute is also used as RDN in the actual
branch, and bind operation fails, because DN mapping is incomplete:
uid=rousse,ou=users,dc=domain -> uid=rousse,ou=people,dc=domain
Whereas I'd need this, where somethingelse is the value for the actual
'uid' attribute:
uid=rousse,ou=users,dc=domain -> uid=somethingelse,ou=people,dc=domain
I read the rwm man page carefully, but it is a bit tough to understand. So,
how am I supposed to achieve this?
--
BOFH excuse #219:
Recursivity. Call back if it happens again.
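
The mismatch described in the message above, as a simplified Python model added here for illustration (not code from the post or from OpenLDAP): a suffix rewrite only changes the naming context of a DN, while the RDN value the bind needs lives in the entry's data. The sample entry and all function names are constructed.

```python
# Simplified model of the mapping described in the post; not slapd's code.
REAL_SUFFIX = "ou=people,dc=domain"
VIRTUAL_SUFFIX = "ou=users,dc=domain"

# Constructed sample data: one real entry whose RDN uses the real 'uid'.
REAL_TREE = {
    "uid=somethingelse,ou=people,dc=domain": {
        "uid": ["somethingelse"],
        "localLogin": ["rousse"],
    },
}

def massage_dn(dn, from_suffix, to_suffix):
    """Suffix massage: swap the naming context, leave the RDN untouched."""
    low, suf = dn.lower(), from_suffix.lower()
    if low != suf and not low.endswith("," + suf):
        raise ValueError("DN outside naming context: " + dn)
    return dn[: len(dn) - len(from_suffix)] + to_suffix

def map_attrs_to_virtual(attrs):
    """Attribute map from the post: drop real 'uid', show 'localLogin' as 'uid'."""
    out = {}
    for name, values in attrs.items():
        if name == "uid":
            continue  # real 'uid' is removed from the view
        out["uid" if name == "localLogin" else name] = list(values)
    return out

def bind_target(virtual_dn):
    """Real DN that a bind through the view ends up addressing."""
    return massage_dn(virtual_dn, VIRTUAL_SUFFIX, REAL_SUFFIX)

def virtual_search(login):
    """Search the view for uid=<login>; return (virtual DN, mapped attrs)."""
    hits = []
    for real_dn, attrs in REAL_TREE.items():
        mapped = map_attrs_to_virtual(attrs)
        if login in mapped.get("uid", []):
            hits.append((massage_dn(real_dn, REAL_SUFFIX, VIRTUAL_SUFFIX), mapped))
    return hits

if __name__ == "__main__":
    target = bind_target("uid=rousse,ou=users,dc=domain")
    print(target, "exists in real tree:", target in REAL_TREE)
    print(virtual_search("rousse"))
```

In this model the entry is visible in the view with uid=rousse as an attribute, but its DN still carries the real RDN value, so a DN built from the login name points at an entry that does not exist.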