
Re: openldap 2.1 and alias/referral



Hallvard B Furuseth wrote:

Ricardo Kirkner writes:


dn: uid=myuser,ou=branchB,o=myorg
objectClass: alias
aliasedObjectName: uid=myuser,ou=branchA,o=myorg

I get an error telling me that the uid attribute is missing.



Yes, the uid from the RDN must be present in the object.



If I add the uid attribute to the ldif, I get an error telling me that
the uid attribute is not allowed.



Yes, you need an object class which allows uid, e.g. 'extensibleObject' which allows any attribute.



All right!!!! It worked... thank you

Now just one more question (or maybe two :-) )

I can get the aliases dereferenced when searching with ldapsearch because I can tell ldapsearch to do so in /etc/openldap/ldap.conf, but how can I tell nss_ldap to do so too (I cannot find an option for this)?

The second question is: in your opinion, is this the best way to specify authorization grants? Or should I choose an approach like Matthew Smith suggested? (I want to try to stick to the standard as closely as possible.)

Thank you again

ricardo
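
The three attempts described in this thread, replayed offline as an added example that is not part of the original messages. The `ALLOWED` table is a simplified, hand-built stand-in for the server schema, and the `uid: myuser` and `objectClass: extensibleObject` lines in the later entries are constructed from the replies above; the problem strings are this script's own wording, not slapd output.

```python
# Simplified schema (assumption): attributes each object class permits.
# None means "any attribute", which is what extensibleObject provides.
ALLOWED = {
    "alias": {"objectclass", "aliasedobjectname"},
    "extensibleobject": None,
}

def parse_entry(ldif):
    """Parse one unfolded, non-base64 LDIF entry into (dn, {attr: [values]})."""
    dn, attrs = None, {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def check_alias_entry(ldif):
    """Return a list of problems; an empty list means both rules hold."""
    dn, attrs = parse_entry(ldif)
    problems = []
    # Rule 1: the RDN's attribute value must also be stored in the entry.
    # Handles only a simple single-valued RDN without escaped commas.
    rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
    rdn_attr = rdn_attr.strip().lower()
    if rdn_value.strip() not in attrs.get(rdn_attr, []):
        problems.append(f"naming attribute '{rdn_attr}' missing from entry")
    # Rule 2: every attribute must be permitted by some listed object class.
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    if not any(ALLOWED.get(c, set()) is None for c in classes):
        permitted = set()
        for c in classes:
            permitted |= ALLOWED.get(c) or set()
        for attr in attrs:
            if attr not in permitted:
                problems.append(f"attribute '{attr}' not allowed by object classes")
    return problems

# Constructed sample entries following the thread.
AS_POSTED = """dn: uid=myuser,ou=branchB,o=myorg
objectClass: alias
aliasedObjectName: uid=myuser,ou=branchA,o=myorg"""
WITH_UID = AS_POSTED + "\nuid: myuser"
WITH_EXTENSIBLE = WITH_UID + "\nobjectClass: extensibleObject"

if __name__ == "__main__":
    for label, entry in [("as posted", AS_POSTED), ("uid added", WITH_UID),
                         ("extensibleObject added", WITH_EXTENSIBLE)]:
        print(label, "->", check_alias_entry(entry) or "OK")
```
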