Re: Fwd: rewrite rule - turn groupOfNames into posixGroup

[Pierangelo Masarati <ando@sys-net.it>]

Shane wrote:
> Hi All,
>
> I'm looking for some help in writing a rewrite rule or some other
> back-ldap etc to "masquerade" some groupOfNames objects as posixGroups
> - the reason for this is to allow me to move forward with implementing
> "proper" groups within the LDAP server for use with ACL's etc but to
> provide backwards compatibility / inter-operability with clients that
> don't [yet] support groupOfNames
>
> I started some work on this a while ago but never got anywhere - only
> managed to ever get the server to tell me my rules were invalid and it
> wouldn't start - annoyingly I deleted the rules from the slapd file
> and now can't find test copy that had them around ...so starting
> afresh basically and hoping someone else has done this or similar so I
> don't need to re-invent the wheel.

It's simply impossible, since the two objectclasses require different 
attributes whose syntax is incompatible; no wonder you didn't succeed. 
What you could do is write some specific code (an overlay) that presents 
posixGroups as groupOfNames (or vice-versa, as in your case), but in 
that case I'd rather sanitize my database.

p.




Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------