[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fwd: LDAP backend

At 04:24 PM 2/4/01 +0100, Pierangelo Masarati wrote:
>> I have made some changes the the LDAP backend that might be useful to 
>> others.  The idea is to map attribute names and objectclasses from 
>> the foreign server to different values on the local slapd.  The 
>> reason is that some attributes might not be part of the local slapd's 
>> schema, some attribute names might be different but serve the same 
>> purpose, etc.  The ldap backend understands a new "map" config 
>> statement:
>>     map {attribute | objectclass} {<local name> | *} [<foreign name> | *]
>I was thinking about the possible problems your idea might discover.
>In detail, how are you going to ensure the remapped attributes/objectClasses 
>share the same, or a compatible, definition? What about attribute syntax?

I note that this is a problem which exists in proxying even without
mapping.  That is, how does the proxy ensure that the attribute
requested by the same as that returned by the server it is held
in.  One must be very careful to ensure 'foo' returned is same
as 'foo' returned.