
Re: Rewriting the dn



It's very simple; you need to:
1) rewrite the DN
2) map the attribute in the entry, otherwise the resulting entry
   would not comply with the naming scheme

1)
<slapd.conf>
database ldap
# ...
rewriteEngine on

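# client -> server: used for every context that has no rules of its own
rewriteContext default
rewriteRule "^(.*,)?uid=(.*)$" "%1cn=%2"

# server -> client: DNs of the entries returned by a search
rewriteContext searchResult
rewriteRule "^(.*,)?cn=(.*)$" "%1uid=%2"

# DN-valued attributes and matched DNs get the same server -> client rule
rewriteContext searchAttrDN alias searchResult
rewriteContext matchedDN alias searchResult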
</slapd.conf>

2)
<slapd.conf>
map attribute uid cn
</slapd.conf>

Note that if the objectClass of the entry allows uid but does not allow
cn, or requires either of them, you'll end up with an inconsistent entry;
for instance, when adding an inetOrgPerson entry, both "cn" and "uid" will
show up as "cn", so the entry will be inconsistent and you'll likely be
adding the same attribute twice, which is an error.

p.

> I am using openldap as a proxy to an NDS ldap server and it seems to be
> working ok.
>
> The problem I have is that NDS will by default only set the dn as
> cn=user,......  I need the dn to be uid=user,.....
>
> I cannot get my head around the ldap-meta rewrite rules, is there any
> chance one of you kind guys would be able to let me know what rewrite
> rule I need to change:
>
> cn=justin,
> to
> uid=justin
>
> Bearing in mind that the location of the user in the NDS tree is not
> static, users are spread across subtrees.
>
> People will need to bind with uid= too, so the rewrite will have to
> take binds into account (if this is possible?)
>
> Thanks,
>
> Justin
> -  - -- ----  ----------------------------------------- --- -- -   -
> Justin Davies LPIC2,OCA,DB2
> Lead SME/Editor, Linux Professional Institute
> email: justin@palmcoder.net
> web: www.palmcoder.net
> -  - -- ----  -------- ------------------------------------------------------ --- -- -   -


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
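
Added example, not part of the original thread or of OpenLDAP: a dry run of the two rewriteRule patterns from the reply over constructed DNs, checking that a DN used to bind survives the trip to the backend and back. Python's re stands in for slapd's regex matching; the `*_RDN` rules, the sample DNs and the helper names are assumptions introduced here to show the case where a container is itself named with cn=.

```python
import re

# Rules copied from the slapd.conf in the reply: (pattern, substitution).
TO_BACKEND = (r"^(.*,)?uid=(.*)$", "%1cn=%2")   # rewriteContext default
TO_CLIENT = (r"^(.*,)?cn=(.*)$", "%1uid=%2")    # rewriteContext searchResult

# Assumption (not from the thread): variants that touch only the leftmost RDN.
TO_BACKEND_RDN = (r"^uid=([^,]+)(,.*)?$", "cn=%1%2")
TO_CLIENT_RDN = (r"^cn=([^,]+)(,.*)?$", "uid=%1%2")


def rewrite(rule, dn):
    """Apply one rule to a DN; a DN that does not match is returned unchanged.

    Escaped commas inside RDN values are not handled by this sketch.
    """
    pattern, subst = rule
    # Translate the %N submatch references into Python's \g<N> form.
    template = re.sub(r"%(\d)", r"\\g<\1>", subst)
    return re.sub(pattern, template, dn, count=1)


def round_trips(to_backend, to_client, client_dn):
    """True when the client-side DN comes back unchanged from the backend."""
    return rewrite(to_client, rewrite(to_backend, client_dn)) == client_dn


# Constructed sample DNs: users under ou= and cn= containers, plus a container.
SAMPLE_DNS = [
    "uid=justin,ou=staff,o=acme",
    "uid=justin,cn=users,o=acme",
    "ou=staff,o=acme",
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        backend_dn = rewrite(TO_BACKEND, dn)
        print(f"client   {dn}")
        print(f"backend  {backend_dn}")
        print(f"returned {rewrite(TO_CLIENT, backend_dn)}")
        print(f"round trip, rules as posted: {round_trips(TO_BACKEND, TO_CLIENT, dn)}")
        print(f"round trip, RDN-only rules:  "
              f"{round_trips(TO_BACKEND_RDN, TO_CLIENT_RDN, dn)}\n")
```

Because `(.*,)?` is greedy, the posted searchResult rule rewrites the last `cn=` in a DN, so an entry under a `cn=` container comes back with the container renamed and the user RDN still `cn=`; the dry run flags that as a failed round trip.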