rewrite overlay to combine multiple OUs
- To: openldap-technical@openldap.org
- Subject: rewrite overlay to combine multiple OUs
- From: Nick Couchman <nick.couchman@seakr.com>
- Date: Sat, 5 Mar 2016 22:29:03 -0700 (MST)
Well, I have a situation (a particular application, actually), that is so arcane in its configuration that it requires that all of the users for the application be in the same OU. So, the config for the app is something like:
CN=%USERNAME%,ou=Users,dc=example,dc=com
So, the application substitutes in the %USERNAME% value with the actual username, and then does a bind with the supplied password. My tree is a little more complicated than that - another dc level or two and several different ou=People places - something like this:
ou=People,dc=engineering,dc=example,dc=com
ou=People,dc=administration,dc=example,dc=com
ou=People,dc=operations,dc=example,dc=com
etc.
with all of the users located under the ou=People branches of the tree. What I'm hoping is that there's some way that I can virtually combine the ou=People locations in my LDAP tree such that, when the application requests cn=Nick,ou=users,dc=example,dc=com, it goes out and searches through either the entire dc=example,dc=com tree or goes through and looks at each of the ou=People locations until it finds it and transparently redirects, allowing this application to function correctly in its stupid configuration, but without me having to create a bunch of aliases in a single location in my tree, or, worse, actually reorganize my tree.
I'm thinking there's probably a way to do this with the rewriteRule and some regular expressions, but I can't find quite the combination of rules/expressions to accomplish this. Any ideas? Or am I stuck making aliases?
Thanks,
Nick
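The lookup described in the message above, sketched as an added example (not part of the original post, and not OpenLDAP rewrite-overlay configuration): a Python function that maps the application's virtual DN to the one real entry under the ou=People branches, and refuses to resolve when the same cn exists in more than one branch. The directory contents, PEOPLE_BASES and resolve_bind_dn are constructed for illustration.

```python
import re

# Constructed sample data (assumption): the three branches named in the post
# and a handful of made-up entries beneath them.
PEOPLE_BASES = [
    "ou=People,dc=engineering,dc=example,dc=com",
    "ou=People,dc=administration,dc=example,dc=com",
    "ou=People,dc=operations,dc=example,dc=com",
]
DIRECTORY = {
    "cn=Nick,ou=People,dc=engineering,dc=example,dc=com",
    "cn=Dana,ou=People,dc=operations,dc=example,dc=com",
    "cn=Sam,ou=People,dc=engineering,dc=example,dc=com",
    "cn=Sam,ou=People,dc=administration,dc=example,dc=com",
}

# The DN the application builds: cn=<name>,ou=Users,dc=example,dc=com.
# Names containing DN special characters are rejected rather than rewritten.
VIRTUAL_DN = re.compile(r'^cn=([^,+=\\"<>;#]+),ou=users,dc=example,dc=com$')

def normalize(dn):
    """Lower-case and strip spaces around RDN separators for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def resolve_bind_dn(requested_dn, directory=DIRECTORY, bases=PEOPLE_BASES):
    """Map the virtual DN to the single real DN, or return None (fail closed)."""
    m = VIRTUAL_DN.match(normalize(requested_dn))
    if not m:
        return None  # not the virtual pattern, or the name is not a plain value
    cn = m.group(1)
    index = {normalize(dn): dn for dn in directory}
    candidates = (normalize(f"cn={cn},{base}") for base in bases)
    matches = [index[c] for c in candidates if c in index]
    # Zero matches: unknown user. More than one: the same cn exists in several
    # branches, so "first match wins" could select another person's entry.
    return matches[0] if len(matches) == 1 else None
```

Any combined view of several branches has to decide what happens when a cn is not unique across them; this sketch refuses the bind instead of picking the first hit.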