Re: rewrite rule in slapd.conf

["Pierangelo Masarati" <ando@sys-net.it>]

> Hi, all
>
> I need "rewrite rule". For example, when client try authorize as
> uid=A,ou=all-users,o=org I want check this uid in two containers:
> uid=A,ou=local-users,o=org and uid=A,ou=ext-users,o=org. Is it
> possible?
>
> I read about referral and subordinate. But I want use it on one server
> and in one database. Is it possible?

Yes, although not trivial.  You should try something like

database <any>
suffix "ou=local-users,o=org"

# ...

database <any>
suffix "ou=ext-users,o=org"

# ...

database meta
suffix "ou=all-users,o=org"

uri "ldap:///ou=all-users,o=org";
suffixmassage "ou=all-users,o=org" "ou=local-users,o=org"

uri "ldap:///ou=all-users,o=org";
suffixmassage "ou=all-users,o=org" "ou=ext-users,o=org"

The meta database will split each request in two branches, rewriting the
"ou=all-users,o=org" virtual DN into the "ou=all-users,o=org" and
"ou=ext-users,o=org" real DNs, merging the results.  You might be in
trouble for example with adds because of non-unique target database
selection.

p.



Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------