
RE: mapping one part of the DIT to another?



> I'm currently working with openldap to replace
> another proprietary ldap system. The problem is that I
> can't replace the client software as well, and the
> client has some queries that are hard coded.
> 
> The client tries to verify the user by looking in
> cn=jdoe,ou=users,dc=company,dc=com. We use
> cn=jdoe,cn=users,dc=company,dc=com.
>
> So, what I would like to do is take the client request
> and process it as if it were really looking at the
> cn=jdoe,cn=users,dc=company,dc=com
> 
> Can this be done?

Yes.

> Can someone please give me some guidance?

You already seem to be on the right track because you're using back-ldap.
Take a look at the rewrite engine that's in back-ldap (man slapd-ldap, man
slapd-meta). Use it to rewrite the DNs for search requests and search
results. Other dn-syntax attributes can be rewritten as well. For a rewrite
as simple as this you may be able to get away with the suffixmassage
directive instead of using rewrite* directives.

Hope this helps...

Matthew Hardin
Symas Corporation
Packaged, certified, and supported LDAP distributions 
powered by OpenLDAP: http://www.symas.com
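
The mapping suggested in the reply above, written out as a slapd.conf fragment; this is an added example, not part of the original message or of the OpenLDAP distribution. It assumes a back-ldap build with the rewrite engine compiled in; the backend URI is a placeholder, and directive spellings should be checked against slapd-ldap(5) for the installed release.

```conf
# Added example (assumptions labelled). Proxy database that answers for the
# DN the hard-coded client uses and forwards to the tree that really exists.
database        ldap

# Virtual naming context: what the client asks for.
suffix          "ou=users,dc=company,dc=com"

# Placeholder: the server that actually holds cn=users,dc=company,dc=com.
uri             "ldap://backend.example.invalid/"

# Option 1: suffix massage.
#   first argument  = virtual naming context (client side)
#   second argument = real naming context (backend side)
# Requests for cn=jdoe,ou=users,dc=company,dc=com are processed as
# cn=jdoe,cn=users,dc=company,dc=com, and DNs in results are mapped back.
suffixmassage   "ou=users,dc=company,dc=com" "cn=users,dc=company,dc=com"

# Option 2: the same mapping with explicit rewrite* directives. Use this
# form INSTEAD of suffixmassage when more control is needed, not alongside it.
# Context names are assumed from the slapd-ldap(5)/slapd-meta(5) man pages
# that the reply points to.
#
# rewriteEngine   on
#
# # Requests: the default context is used when an operation has no context
# # of its own, so the DN the client verifies the user against is covered.
# rewriteContext  default
# rewriteRule     "(.*)ou=users,dc=company,dc=com$" "%1cn=users,dc=company,dc=com" ":"
#
# # Results: map entry DNs back so the client sees the DN it asked for.
# rewriteContext  searchResult
# rewriteRule     "(.*)cn=users,dc=company,dc=com$" "%1ou=users,dc=company,dc=com" ":"

# The patterns are anchored with "$" so only DNs ending in the naming
# context are touched. After loading the configuration, search as the
# client would (base cn=jdoe,ou=users,dc=company,dc=com) and confirm both
# that the entry is found and that the returned DN is in the ou=users form.
```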