
Fwd: LDAP backend

I have made some changes to the LDAP backend that might be useful to others. The idea is to map attribute names and objectclasses from the foreign server to different values on the local slapd. The reason is that some attributes might not be part of the local slapd's schema, some attribute names might be different but serve the same purpose, etc. The ldap backend understands a new "map" config statement:

   map {attribute | objectclass} {<local name> | *} [<foreign name> | *]

For example, Active Directory uses the objectclass "group", where slapd might use "groupOfNames". So you'd have a mapping line like this:

   map objectclass groupOfNames group

Or, you might be interested in presenting a limited attribute set from the foreign server, for example:

   map attribute cn *
   map attribute sn *
   map attribute manager *
   map attribute description *
   map attribute *

These lines map cn, sn, manager, and description to themselves, and any other attribute gets "removed" from the object before it is sent to the client (or sent up to the LDAP server). This is obviously a simplistic example, but you get the point.

If no maps are defined, the behavior is just like it is now.

So, is this of general interest? Pierangelo, do you want to finish your recent changes before I commit?
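
The mapping rules described in the message above, modelled in Python as an added example; it is not part of the original post and not the back-ldap code. It covers only the foreign-to-local direction and assumes that names with no map line pass through unless a bare `*` line is present; the function names `parse_maps`, `map_name`, `to_local` and the sample entry are constructed for illustration.

```python
def parse_maps(config_text):
    """Model of the post's "map" lines (added illustration, not back-ldap code)."""
    maps = {k: {"names": {}, "drop": False} for k in ("attribute", "objectclass")}
    for line in config_text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "map":
            continue
        if len(tok) < 3 or tok[1] not in maps:
            raise ValueError(f"bad map line: {line!r}")
        m, local, foreign = maps[tok[1]], tok[2], tok[3:]
        if local == "*" and not foreign:
            m["drop"] = True  # "map attribute *": remove everything not listed
        elif local != "*" and len(foreign) == 1:
            # "<local> *" keeps the name; "<local> <foreign>" renames it.
            name = local if foreign[0] == "*" else foreign[0]
            m["names"][name.lower()] = local  # LDAP names are case-insensitive
        else:
            raise ValueError(f"form not covered by the post: {line!r}")
    return maps

def map_name(m, name):
    """Return the local name, or None when the name is to be removed."""
    if name.lower() in m["names"]:
        return m["names"][name.lower()]
    # Assumption: unmapped names pass through unless a bare "*" line exists.
    return None if m["drop"] else name

def to_local(entry, maps):
    """Rewrite an entry received from the foreign server for the local client."""
    out = {}
    for attr, values in entry.items():
        local_attr = map_name(maps["attribute"], attr)
        if local_attr is None:
            continue  # attribute is not exposed to the client
        if attr.lower() == "objectclass":
            values = [v for v in (map_name(maps["objectclass"], oc) for oc in values) if v]
        out[local_attr] = list(values)
    return out

# Constructed sample input: a restricted view of an Active Directory style group.
CONFIG = """
map objectclass groupOfNames group
map attribute objectClass *
map attribute cn *
map attribute member *
map attribute *
"""
FOREIGN_ENTRY = {"objectClass": ["top", "group"], "cn": ["Admins"],
                 "member": ["cn=alice,dc=example,dc=com"], "sAMAccountName": ["admins"]}
```

With the sample configuration, `to_local(FOREIGN_ENTRY, parse_maps(CONFIG))` keeps `objectClass`, `cn` and `member`, rewrites `group` to `groupOfNames`, and drops `sAMAccountName`; with an empty configuration the entry is returned unchanged.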