[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Rename attribute before return

So to treat it another way, could I have a fake DIT that is used to
return massaged data?

In other words, instead worrying about the binddn or the requestor at
all, have a cn=accounts-2 and when a request is made from cn=accounts-2,
have OpenLDAP look up the entry in cn=accounts and then do some regex or
other alterations before returning the entry?

-- DK

On Wed, 2005-07-20 at 10:52, Pierangelo Masarati wrote:
> Howard Chu wrote:
> > Pierangelo Masarati wrote:
> >
> >>
> >> To answer Quanah's question, I think your ITS, as answered by Kurt, 
> >> is now entirely fulfilled by 2.3 code, by using back-relay and 
> >> slapo-rwm; the only thing it doesn't allow is to use the requested 
> >> name instead of the canonical one, e.g. returning "userid" instead of 
> >> "uid" when "userid" is requested (this was a long debated question; I 
> >> see the issue and I agree with the common answer that the current 
> >> behavior is preferable; for those that still wish this to be 
> >> possible, the answer is that it cannot be done with an overlay, so 
> >> there's very little chance that it will ever be possible with 
> >> OpenLDAP, except by hacking the code).
> >
> > Well, it can be done, but you need to duplicate each entry before 
> > being returned, and generate new AttributeDescriptions corresponding 
> > to the desired attributes...
> I would do this way: in the frontend, since we're keeping the requested 
> names in the array of AttributeName's, just use that value instead of 
> AttributeDescription.ad_cname, if applicable.  It implies some overhead, 
> and may be unclean for other reasons (e.g. need to consider "*", "+", 
> "@<objectClass>" and so), but it would do the trick.  Unfortunately, 
> there's no chance we can get to that point with any type of layer 
> (overlays, slapi, whatever).  Unless we consider the opportunity of 
> having a layer __before__ decoding and __after__encoding.  This would 
> allow, for instance, to implement the non-standard, protocol-violating 
> extension of ITS#3193 (ranges) without hacking the baseline code.
> p.
>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
Digant C Kasundra
Enterprise Operations and Systems
Office of Information Technology
University of Texas at Arlington
Ph: 817-272-2208
GnuPG Public Key: http://omega.uta.edu/~digant/digant.gpg.asc

To request technical support, please contact our computing Help Desk at
817-272-2208, e-mail helpdesk@uta.edu or create a work order at

Attachment: signature.asc
Description: This is a digitally signed message part