[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Newbie Help Mapping Attributes

Subject: Re: Newbie Help Mapping Attributes
From: Tony Earnshaw <tonni@hetnet.nl>
Date: Mon, 05 Nov 2007 05:28:06 +0100
Cc: openldap-software@openldap.org
In-reply-to: <e23487350711031023h131da9ebj8833e2968759c387@mail.gmail.com>
References: <e23487350711031023h131da9ebj8833e2968759c387@mail.gmail.com>
User-agent: Thunderbird 2.0.0.6 (X11/20070728)

Simon Kelsall skrev, on 03-11-2007 18:23:

I have set up LDAP to authenticate and work with Samba and a couple of
other things but I
am getting lost with the following.

We have 2 new printers that can pull their address book from LDAP. I
cant change the
seach filter they use but was hoping to map their attributes onto ones
in our directory.

So for example any referance to facsimileTelephoneNumber by them in
the search filter or
list of attributes to return would get changed to faxNumber.

Could someone point me in the right direction.

1: Why do you have 'faxNumber' in your directory? The rfc pertaining to facsimileTelephoneNumber is rfc2256 and the allowed attributes are facsimileTelephoneNumber which has the single synonym fax.

2: What version of OpenLDAP are you using? In 2.3.x, at least, these attributes are included in a part of core.schema that is not "built in" to slapd (some attributes are) and can be edited. I tried this out: It is not possible (OL 2.3.39/2.4.6) to search on the rfc2256 values for facsimileTelephoneNumber or fax, the syntax does not allow this. and OL reports '?undefined' for a search string including this.

I edited core.schema to have the same equality, substr and syntax as telephoneNumber and a search is then possible:

Change from:

attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
        DESC 'RFC2256: Facsimile (Fax) Telephone Number'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )

To:

attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
        DESC 'botched RFC2256: Facsimile (Fax) Telephone Number'
        EQUALITY telephoneNumberMatch
        SUBSTR telephoneNumberSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )

It can then be searched on.

In core.schema it is included in the objectClasses (last in the schema) organization, organizationalUnit, organizationalPerson, organizationalRole, residentialPerson and dmd. In other schemas it is included in the objectClasses domain (samba.schema) and RFC822localPart (cosine.schema, email related).

If you *really* have faxNumber as an attribute and not fax, you should add this to attributetype 2.5.4.23 and to the MAY part of the relevant objectClass for your printers.

Note that by doing all of this you will break compatibility with rfc2256 (which to my mind is wrong in its equality, substr and syntax anyway - but that's another matter ;) )

If you are not using OL 2.3 then YMMV.

Best,

--Tonni


--
Tony Earnshaw
Email: tonni at hetnet dot nl

References:
- Newbie Help Mapping Attributes
  - From: "Simon Kelsall" <simon@kelsall.net>

Prev by Date: Re: [Unofficial] OpenLDAP Weekly Newsletter Issue 2
Next by Date: Re: matching on inherited attributes
Index(es):
- Chronological
- Thread