[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap 2.1 and alias/referral

Hallvard B Furuseth wrote:

Ricardo Kirkner writes:

dn: uid=myuser,ou=branchB,o=myorg
objectClass: alias
aliasedObjectName: uid=myuser,ou=branchA,o=myorg

I get an error telling me that the uid attribute is missing.

Yes, the uid from the RDN must be present in the object.

If I add the uid attribute to the ldif, I get an error telling me that
the uid attribute is not allowed.

Yes, you need an object class which allows uid, e.g. 'extensibleObject' which allows any attribute.

Allright !!!! it worked.. thank you

Now just one more question (or maybe two :-) )

I can get the aliases dereferenced when searching with ldapsearch because I can tell ldapsearch to do so in /etc/openldap/ldap.conf, but how can I tell nss_ldap to so too (I cannot find an option for this,)?

the second question is: in your opinion, is this the best way to specify authorization grants? or should I choose an approach like Matthew Smith suggested? (I want to try to stick to the standard the closest possible)

thank you again