
Do rwm-overlay and ldap-backend suit me?

Hi all,

I'm trying to set up an LDAP server with openldap 2.3 and I need some light on how to do it.
Let me explain:
My company already has a central LDAP server (openldap 2.2) on which I can find all users and authenticate them, but the corresponding attributes (homedir, shell, gidnumber) aren't relevant for my department. My problem is that I want to use the central LDAP server for authentication purposes and store the other data locally.
Yeah, it seems easy to solve using the rwm overlay and an ldap backend, but it isn't, because the users are located in different OUs on the remote LDAP server.
So here is the relevant part of my slapd.conf, which works great for the first unit:

####################################
overlay    rwm

rwm-rewriteEngine     on
rwm-rewriteContext    bindDN

# path to the remote users :    ou="unit_number",ou=people,dc=example,dc=com
# path to the local users :    cn=users,dc=local,dc=example,dc=com
rwm-rewriteRule         "^uid=([^,]+),cn=users,dc=local,dc=example,dc=com$"  "uid=$1,ou=unit_1,ou=people,dc=example,dc=com"  ":@"

# Database for remote Authentication
database      ldap
suffix          "ou=people,dc=example,dc=com"
uri              "ldap://remote-ldap.example.com:389/"
restrict        read write extended

# Local Database
database        bdb
suffix          "dc=local,dc=example,dc=com"
####################################

I tried to complete my setup by adding a line like:
     uri "ldap://remote-ldap.example.com:389/ou=people,dc=example,dc=com??sub?(&(objectClass=posixAccount)(uid=$1)) "
but the ldap backend isn't designed to do that ^^

So, is there a way to work around it?

Thanks for your help,
Frava.
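As an added illustration (not part of the post above, and not OpenLDAP's own code), here is a small Python model of the bindDN rewrite from that slapd.conf. The remote entries are constructed sample data; the rewrite rule is the one from the config, with `$1` translated to Python's `\1`. It shows why the single rule only serves unit_1: the local DN carries no unit information, so a user who actually lives in another OU is rewritten to a remote entry that does not exist and the proxied bind cannot succeed.

```python
import re

# The bindDN rewrite from the post, expressed as (pattern, replacement).
# OpenLDAP rwm uses POSIX regex with $N back-references; Python uses \N.
# The ":@" flag stops at the first matching rule, so we return on the first hit.
# Case-insensitive DN matching is not modelled here.
RULES = [
    (r"^uid=([^,]+),cn=users,dc=local,dc=example,dc=com$",
     r"uid=\1,ou=unit_1,ou=people,dc=example,dc=com"),
]


def rewrite_bind_dn(dn, rules=RULES):
    """Apply the first matching rule; a DN matching no rule passes through unchanged."""
    for pattern, repl in rules:
        if re.match(pattern, dn):
            return re.sub(pattern, repl, dn)
    return dn


# Constructed stand-in for the remote directory: the DNs that actually exist there.
# alice lives in unit_1, bob lives in unit_2 (the case the post cannot handle).
REMOTE_ENTRIES = {
    "uid=alice,ou=unit_1,ou=people,dc=example,dc=com",
    "uid=bob,ou=unit_2,ou=people,dc=example,dc=com",
}


def proxied_bind_target(local_dn, remote_entries=REMOTE_ENTRIES):
    """Return the remote DN the proxy would bind as, or None if that entry does not exist.

    A None result means the back-ldap bind is sent to a non-existent DN, so the
    local user is rejected even though the central server does know them.
    """
    target = rewrite_bind_dn(local_dn)
    return target if target in remote_entries else None


if __name__ == "__main__":
    for uid in ("alice", "bob"):
        local = f"uid={uid},cn=users,dc=local,dc=example,dc=com"
        print(local, "->", rewrite_bind_dn(local),
              "| remote entry exists:", proxied_bind_target(local) is not None)
```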