[Date Prev][Date Next]
Re: OpenLDAP's Backend Rewrite Engine
Thank you, Dieter. For reasons outside of my control, I can't place a "rootpw" or a "rootdn" attribute in the configuration file. Suffix massaging works when the bind is for one user with privileges for both DNs. I have a situation where the user may be different every time a bind is attempted. For example, when a user attempts to authenticate his/herself they will submit their credentials to "ldap://public.com". They will attempt a bind on that server using a DN "cn=user1,cn=Administrators,dc=test,dc=com". I would like the server "ldap://public.com" to proxy the bind for "ldap://mixedmaster.mixeddomain.com" using the same credentials but under a different DN "cn=user1,cn=Users,dc=mixeddomain,dc=com".
The server "ldap://mixedmaster.mixeddomain.com" would then return success or failure to "ldap://public.com" who would then return success of failure to the client.
Can this be done? If yes, do the rules I posted earlier (below) make any sense? I'm certainly missing something, I'm just not sure where to go from here.
Dieter Kluenter wrote:
Michael Gale <email@example.com> writes:
Content-Type: text/plain; charset=iso-8859-1
So, I decided to try the proxy approach, and I would like to rewrite a
DN from this:
I would like to perform a simple substitution where the user name from
one DN gets copied to another. I am using a rewrite context for a
client -> server operation, but I'm pretty sure the following is not
I'm a little lost as to what rules/contexts/uris are required in the
"slapd.conf" file. Any help would be greatly appreciated.
You didn't mention which version you are referring to.
I my OpenLDAP-2.X.X which is april HEAD I have following lines
,----[ slapd.conf ]
| modulepath /usr/local/libexec/openldap
| moduleload pcache.la
| moduleload rwm.la
| moduleload back-ldap.la
| database ldap
| lastmod off
| overlay rwm
| suffix "dc=virtual,dc=com"
| rwm-suffixmassage "dc=virtual,dc=com" "dc=real,dc=com"
| rootdn cn=admin,dc=virtual,dc=com
| rootpw secret
| binddn cn=updateManager,dc=real,dc=com
| bindpw secret2
| uri ldap://remote.server:389
| <some proxycache options>