[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: mapping one part of the DIT to another?

> I'm currently working with openldap to replace a
> another propreitary ldap system. The problem is that I
> can't replace the client software as well, and the
> client has some queries that are hard coded.
> The client tries to verify the user by looking in
> cn=jdoe,ou=users,dc=company,dc=com. We use
> cn=jdoe,cn=users,dc=company,dc=com.
> So, what I would like to do is take the client request
> and process it as if it were really looking at the
> cn=jdoe,cn=users,dc=company,dc=com
> Can this be done?


> Can someone please give me some guidance?

You already seem to be on the right track because you're using back-ldap.
Take a look at the rewrite engine that's in back-ldap (man slapd-ldap, man
slapd-meta). Use it to rewrite the DNs for search requests and search
results. Other dn-syntax attributes can be rewritten as well. For a rewrite
as simple as this you may be able to get away with the suffixmassage
directive instead of using rewrite* directives.

Hope this helps...

Matthew Hardin
Symas Corporation
Packaged, certified, and supported LDAP distributions 
powered by OpenLDAP: http://www.symas.com