Re: openldap rewrite 2307 group attribute

Tyson Lambert wrote:

Meanwhile.. how would one hypothetically do this with a rewrite?

You can't. By design, only DN-valued attributes can be rewritten (it's a long story, but the sense is that you shouldn't change the meaning, but only the format of values; for instance, the naming context). So, to allow rewriting, both the remote and the local attributes must be DN-valued. And what you want to obtain in the end is not goung to be a valid DN, so don't even think that hacking the schema would help. Of course you can hack back-ldap where it maps attributeTypes, and make it alter the value as well based on your own rules, or, if you're using 2.2, you can write a dedicated overlay; that's what overlays are for, non-standard things.


