[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap overlays

To: "srg" <srgqwerty@gmail.com>
Subject: Re: ldap overlays
From: masarati@aero.polimi.it
Date: Tue, 10 Nov 2009 20:30:58 +0100 (CET)
Cc: openldap-technical@openldap.org
Importance: Normal
In-reply-to: <1257862088.4082.17.camel@ping01>
References: <1257862088.4082.17.camel@ping01>
User-agent: SquirrelMail/1.4.9a

> We are running openldap 2.4.11.
> The "base" dn is "dc=foo,dc=com", under this, there are two
> organizationalunits "ou=people,dc=foo,dc=com" and
> "dc=groups,dc=foo,dc=com".
>
> Entries under "groups" use objectclass groupOfNames.
> Entries under "people" use objectclass inetOrgPerson.
>
> Each group entry has some "member" attributes, each of them "pointing"
> to one user dn. With this we have the "list of members that the group
> has".
>
> Also we are using the "memberof" overlay (memberof.la) that
> automatically "inserts" "memberof" attributes to each user, so each
> user, has a list of memberof attributes (one for each group that the
> user belongs to).
>
> At this point all is OK and working fine.
>
> Now we need another overlay that "inserts" a new "text" attribute for
> each user called for example "groups" that contains a string with all
> the groups that the user belongs to.
> Note that we need to have this with only ONE attribute (NOT one
> attribute for each group that the user belongs to).
> For example:
> groups: g1,g2,g3
>
> Not:
> groups: g1
> groups: g2
> groups: g3
>
> It is possible?

Not with stock OpenLDAP.  Also, this is an abuse of LDAP's data model.

> How?

You can do this by implementing a custom overlay.

p.

References:
- ldap overlays
  - From: srg <srgqwerty@gmail.com>

Prev by Date: Problem in sb_stream_read
Next by Date: Re: Problem with ber_flatten2
Index(es):
- Chronological
- Thread