[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: suffixalias not implemented in add.c

To: Pierangelo Masarati <PierangeloMasarati.guest@intesabci.it>
Subject: Re: suffixalias not implemented in add.c
From: Lars Uffmann <lu@mediaways.net>
Date: Thu, 27 Sep 2001 18:30:45 +0200
Cc: openldap-devel@OpenLDAP.org
Content-disposition: inline
In-reply-to: <3BB34732.1961C796@bci.it>
References: <20010927165541.M508@mediaways.net> <3BB33F76.F4B3BCE5@bci.it> <20010927170952.N508@mediaways.net> <3BB34732.1961C796@bci.it>
User-agent: Mutt/1.3.20i

On Thu, Sep 27, 2001 at 05:35:14PM +0200, Pierangelo Masarati wrote:
> Lars Uffmann wrote:
> > 
> > I would like to be able to add a DN even if it is only a SuffixAlias:
> > 
> > # sample slapd.conf:
> > suffix "o=mediaways.net"
> > suffixAlias "o=mediaways,c=de" "ou=mediaways,o=mediaways.net"
> > 
> > # sample LDIF
> > dn: uid=test,o=mediaways,c=de
> > chgangetype: add
> > [ ... ]
> > 
> > Doing an ADD using above LDIF schould succeed, rewriting/aliasing the DN to
> > "uid=test,ou=mediaways,o=mediaways.net"
> > 
> > I need this to be compatible with all Applications while moving our LDAP
> > Tree to the new suffix, this whould help a lot with the migration
> > process.
> 
> Your statement definitely makes sense. The point I get, from reading
> thru the code, is that while it is easy to aliase a normalized dn, it
> gets a bit more difficult to aliase a non-normalized dn, so the added
> dn should be normalized and would look a bit "square".  The fix would
> be to also store the (supposedly) non-normalized alias entered in
> the config file and try to use it to get a non-normalized aliased 
> version of the new dn.

This sounds reasonable. Replace the entrys DN with the second argument
to SuffixAlias, to avoid to put uppercased, normalized DNs into
id2entry. Allthough this would be trade-off I could live with.

> I'm not sure it is worth the effort; in fact
> I remember reading about issues involving suffix aliasing in previous 
> postings, which implies subtle side-effects.  I'm not sure what was
> the real drawback.

At wich level do acl lookups take place? Before or after the aliasing?

> If there's a real need I'll try to work something out.

Yes, I see adding Aliasing support for ADD ist not as straightforward as
I thought. The feature would be a big win for us, as we are in the
process of migrating several seperate slapd installations to a new shared
system. We could completely seperate the application re-configuration
from the LDAP migration, minimizing service downtime.

regards,
-- 
Lars Uffmann, <lars.uffmann@mediaways.net>, fon: +49 5246 80 1330

Attachment: pgpodC71WRrxx.pgp
Description: PGP signature

Follow-Ups:
- Re: suffixalias not implemented in add.c
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

References:
- suffixalias not implemented in add.c
  - From: lu@mediaways.net (Lars Uffmann)
- Re: suffixalias not implemented in add.c
  - From: Pierangelo Masarati <PierangeloMasarati.guest@intesabci.it>
- Re: suffixalias not implemented in add.c
  - From: Lars Uffmann <lu@mediaways.net>
- Re: suffixalias not implemented in add.c
  - From: Pierangelo Masarati <PierangeloMasarati.guest@intesabci.it>

Prev by Date: Re: suffixalias not implemented in add.c
Next by Date: Re: suffixalias not implemented in add.c
Index(es):
- Chronological
- Thread