[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Editing entries returned to back-ldap/meta

To: <stephen@brandonitconsulting.co.uk>
Subject: Re: Editing entries returned to back-ldap/meta
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Tue, 5 Nov 2002 22:08:32 +0100 (CET)
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <200211052035.gA5KZ847094445@galois.openldap.org>
References: <200211052035.gA5KZ847094445@galois.openldap.org>

> Hi,
>
> After successfully prototyping a backend based on back-perl, I am
> attempting  to recreate it in a more configurable way with back-ldap or
> back-meta.
>
> My backend forwarded queries on to another LDAP server, then dynamically
>  re-wrote some of the attributes. Easy in perl, but because perl-back
> has  mutex locks around it, it all ends up single threaded :-(
>
> As well as re-writing attributes (simple substitution editing), it
> creates  some new attributes on the fly, such as a unix UID (calculated
> from a login  name's ascii value), and a home account location, which
> the main LDAP server  does not have in its schema.
>
> In back-ldap/meta however, it's not quite as simple as I had hoped. For
> a  start, only "dn-like" attributes can be edited with the regex support

Yes, because the purpose of attribute value "massaging" is to alter
the naming context, not the content of entries.

> (I can  kludge this though). But more importantly, there's no easy way
> to add *new*  attributes.

> Could I ask if anyone has any good ideas for where/how to do this?
>
> - I guess I am going to have to learn how to read/write BERs, then
> append the  new attributes in BER form to the end of the BER structure
> returned from the  other server. Is it possible to simply add new
> attributes in this way?
>
> - or is there some other less kludgy way to achieve the same thing?

well, if you accept the idea of altering the content of entries,
then all you need to do is play with ldap_send_entry() function.
There you can add/modify/alter as many attrs/values you want,
since entries are not being cached.  And you don't need to deal
with ber stuff, all you need to do is call attr_merge() on
appropriately defined values.

However, scripting backends (back-{perl,tcl,shell}) are best suited
for the purpose because they do not require C programming.  If you
I don't suggest hacking back-ldap/meta because of portability issues
(every new release, you'll have to cross your fingers and hope your
hacks apply without conflicts).  The ultimate solution to your needs
would be SLAPI, which is being integrated right now.  If you wish to
play with it, and possibly contribute to its development,please feel
free to follow ITS#2073.

Pierangelo.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

References:
- Editing entries returned to back-ldap/meta
  - From: Stephen Brandon <stephen@brandonitconsulting.co.uk>

Prev by Date: RE: big directories (more than 1M entries)
Next by Date: openldap-2.0.25 start error
Index(es):
- Chronological
- Thread