Hi,
As we store a lot of information in our LDAP server, we are looking to simplify and optimize our LDAP structure.
Actually we have plenty of OUs (like people and vpn shown hereunder) and a lot of fields are duplicated (same fields with same content in different OUs). As this is not optimum and makes us push any change for a user into all concerned OUs, we would like to use aliasing to avoid duplicating entries:
This is an example of what a user would look like:
dn: uid=1,ou=people,dc=red,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: extensibleObject
cn: Frank
sn: Moses
givenName: Frank Moses
mail: frank.moses@red.com
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
uid: 1
This is an example of what is to be found in the vpn account of the same user (we have home made schemas, so there are some special attributes):
dn: uid=1,ou=vpn,dc=red,dc=com
objectClass: top
objectClass: openvpn
objectClass: extensibleObject
uid: 1
cn: Frank
sn: Moses
userUid: 1
vpnEnabled: TRUE
mail: frank.moses@red.com
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
As you can see fields cn, sn, mail are the same in both... We would like to change this to make our LDAP more dynamic.
dn: uid=1,ou=vpn,dc=red,dc=com
objectClass: top
objectClass: openvpn
objectClass: extensibleObject
objectClass: alias
uid: 1
aliasedObjectName: uid=1,ou=people,dc=red,dc=com
userUid: 1
vpnEnabled: TRUE
But when requesting the server with ldapsearch it seems not to work, or maybe we are just missing something...!
For example when requesting the cn of the vpn user we would like to have the cn field in the "uid=1,ou=people,dc=red,dc=com" account.
Our search:
ldapsearch -W -D "cn=admin,dc=red,dc=com" -x -b 'uid=1,ou=vpn,dc=red,dc=com' cn
Gives:
# extended LDIF
#
# LDAPv3
# base <uid=1,ou=vpn,dc=red,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: cn
#
# 1, vpn, red.com
dn: uid=1,ou=vpn,dc=red,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
But no "cn" value returned...
What are we doing wrong?
Thank you,
Best regards,
ZP
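
Added example (not part of the original post, and not OpenLDAP code): a small in-memory model of the two entries above, showing what a search on the vpn DN returns under the RFC 4511 alias-dereferencing modes neverDerefAliases and derefFindingBaseObj. The dictionary layout and the function names resolve and base_search are assumptions made for this illustration; the entries carry a subset of the attributes shown in the post.

```python
# Constructed in-memory model for illustration; not a real LDAP server.
DEREF_NEVER = 0         # neverDerefAliases (RFC 4511)
DEREF_FINDING_BASE = 2  # derefFindingBaseObj (RFC 4511)

PEOPLE_DN = "uid=1,ou=people,dc=red,dc=com"
VPN_DN = "uid=1,ou=vpn,dc=red,dc=com"

# Subset of the attributes shown in the post.
DIT = {
    PEOPLE_DN: {
        "objectClass": ["organizationalPerson", "person", "top", "extensibleObject"],
        "cn": ["Frank"], "sn": ["Moses"], "uid": ["1"],
    },
    VPN_DN: {
        "objectClass": ["top", "openvpn", "extensibleObject", "alias"],
        "uid": ["1"], "userUid": ["1"], "vpnEnabled": ["TRUE"],
        "aliasedObjectName": [PEOPLE_DN],
    },
}

def resolve(dn):
    """Follow aliasedObjectName until a non-alias entry is reached."""
    seen = set()
    while True:
        entry = DIT.get(dn)
        if entry is None:
            raise KeyError("no such entry (dangling alias?): " + dn)
        if "alias" not in entry["objectClass"]:
            return dn
        if dn in seen:
            raise ValueError("alias loop at " + dn)
        seen.add(dn)
        dn = entry["aliasedObjectName"][0]

def base_search(base, attrs, deref=DEREF_NEVER):
    """Return (dn, attributes) for the base entry, dereferencing only if asked."""
    dn = resolve(base) if deref == DEREF_FINDING_BASE else base
    entry = DIT[dn]
    # Only attributes stored on the returned entry come back; nothing is merged.
    return dn, {a: entry[a] for a in attrs if a in entry}

if __name__ == "__main__":
    for mode in (DEREF_NEVER, DEREF_FINDING_BASE):
        print(mode, base_search(VPN_DN, ["cn", "vpnEnabled"], mode))
```

Without dereferencing, the model returns the vpn entry with no cn, as in the output above; with dereferencing it returns the people entry under its own DN, so cn is present but vpnEnabled is not. ldapsearch selects the mode with -a, and its default is never.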