[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: aliased bases

Raj,  the modifications are to the openldap 1.0.2 code.  Not sure what you
could do with Netscape.

The changes consisted of changing the config code to read an arbitrary set of
suffixAlias specifications of the form suffixAlias <alias> <aliased base>
from the config file in the backend portion.  The information is stored in
the backend struct as an array of strings.

The select_backend code was modified to allow searching the aliases if the
base did not match.

The search code was modified to translate the suffix to the alias and store
both the original and aliased suffix in the operation struct.

The results code was modified to translate the dn to have the base back as
defined in the search specification if the operation struct had a suffix
alias defined.

Unfortunately this has little to do with the problem you describe.  The
suffix alias code is meant to solve the problem of having multiple bases
associated with a single internal base so that distinct external names can be
handled transparently by one service, not having multiple internal bases
appear to be one.  You may be able to solve your problem by using a null
search base if Netscape allows it and you don't mind having it search your
entire directory.

The proper method would be to have the MTA allow for multiple searches.

Raj Kunjithapadam wrote:

> I am trying to solve the same problem using Netscape's Directory Server.
> How did you solve the base aliasing problem for searches.
> My problem is that, if I have multiples bases (one for each country,
> for example) c=US, then c=CA and c=GB
> Now how can I search across all these bases?
> The real problem with X.500 based directory structure is that
> when I enable a Messaging server for mail routing, the information
> I have is only the mail and mailhost attribute.
> The search filter is actually (&(mail=user@foobar.com)
> (mailhost=hewey.foobar.net))
> or (&(uid=user) (mailhost=hewey.foobar.net)) and the search base would be
> either c=US or c=CA or c=GB
> based on the Mail server configuration.
> The user could be in an Organization in US or CA or GB.
> Thanks,
> Raj
> Will Ballantyne wrote:
> > I've put together some code to allow for the aliasing of search bases in
> > the openldap package.  The code is only implemented for the search
> > capability but I will add it to the add/mod/del etc. as time permits.
> >
> > This comes about from the puzzle of how to support the various standards
> > for the composition of DNs.  Specifically how the choice of a base could
> > be made to fit the various standards for later integration in the name
> > spaces defined by the various authorities.
> >
> > For example, in the X.500 structure we have the name "o=Government of
> > British Columbia,c=CA".  While we are phasing out X.500, we will likely
> > continue to provide access through some form of DAP/DSP to LDAP bridge.
> > RFC2377 recommends using the dc components, so we would have
> > "dc=gov,dc=bc,dc=ca".  The base aliasing allows the ldap server to
> > receive and respond to both correctly and we don't need to worry too
> > much about which we choose internally.  Subparts can also be aliased in
> > this way.
> >
> > I would like to apply enhancements we make here back to the original
> > distribution.  Please let me know the best way to provide the code and
> > whether this enhancement would be useful to others.  Also, I would be
> > very curious as to what others are doing to the following three areas:
> >
> >     bound access control, especially object based access control.
> >     host based access control
> >     chaining and replication
> >
> > Thanks.
> >
> > --
> > Will Ballantyne     GEMS Technical Architect
> > mailto:Will.Ballantyne@gems1.gov.bc.ca

Will Ballantyne     GEMS Technical Architect