filter searches using openldap

Bit of background:

I have a braindead directory service all around me that aliases
the uid attribute to cn. 

This causes all sorts of problems with ldap auth, because a search
can't find a unique entry for uid=foo if there is an alias with the
same cn. As luck would have it, when a user moves department the management
system leaves an alias to their new dn in the old location.

Telling the search not to deref aliases doesn't help in this situation, because
the alias itself appears to have a uid attribute.

Limiting the search to objectClass=inetOrgPerson solves my problem, however
I also have a proprietary appserver that can't tune its ldap searches
worth a damn.

The openldap question

Do any of the backends to openldap (2.2 ideally) allow you to restrict searches
to a particular objectClass? If it can handle multiple backend ldap servers
that would be good too.

Finally, the directory has a duff subjectaltname, so I need to turn off cn
checking. Is there a way other than a custom build to force that?

Thanks a lot.
'If we can hit that bull's-eye, the rest of the dominoes will fall like a
house of cards... Checkmate!'
		-- Zapp. Brannigan
Rasputin :: Jack of All Trades - Master of Nuns
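
The objectClass restriction described in the post, as an added example that is not part of the original message and is not OpenLDAP configuration: a plain `(uid=foo)` lookup hits both the person entry and the leftover alias, while the same lookup ANDed with `objectClass=inetOrgPerson` resolves to one DN. The entries, DNs and function names are constructed for illustration, and the matcher handles only the filter subset used here.

```python
import re

# Constructed sample data modelling the post: a real entry plus the alias left
# behind in the old department, which the server presents with a uid attribute.
ENTRIES = [
    {"dn": "uid=foo,ou=new,dc=example,dc=org",
     "objectclass": ["top", "person", "inetOrgPerson"], "uid": ["foo"]},
    {"dn": "cn=foo,ou=old,dc=example,dc=org",
     "objectclass": ["top", "alias"], "uid": ["foo"]},
]

def escape_value(value):
    """Escape the RFC 4515 special characters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def auth_filter(uid, object_class=None):
    """Build the uid lookup, optionally ANDed with an objectClass restriction."""
    flt = "(uid=%s)" % escape_value(uid)
    if object_class:
        flt = "(&(objectClass=%s)%s)" % (escape_value(object_class), flt)
    return flt

def parse(flt, i=0):
    """Parse the filter subset used here: (&...) and (attr=value)."""
    if flt[i + 1] == "&":
        i, parts = i + 2, []
        while flt[i] == "(":
            node, i = parse(flt, i)
            parts.append(node)
        return ("and", parts), i + 1
    end = flt.index(")", i)
    attr, _, raw = flt[i + 1:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return ("eq", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry, case-insensitively."""
    if node[0] == "and":
        return all(matches(n, entry) for n in node[1])
    return node[2] in [v.lower() for v in entry.get(node[1], [])]

def search(flt, entries=ENTRIES):
    """Return the DNs of all entries matching the filter string."""
    tree, _ = parse(flt)
    return [e["dn"] for e in entries if matches(tree, e)]

def resolve_login(uid, object_class=None):
    """Return the single DN to bind as; fail closed on zero or several hits."""
    hits = search(auth_filter(uid, object_class))
    if len(hits) != 1:
        raise LookupError("%d entries match %r" % (len(hits), uid))
    return hits[0]
```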