[Date Prev][Date Next]
Running back-perl and hdb/bdb in the same suffix
- To: email@example.com
- Subject: Running back-perl and hdb/bdb in the same suffix
- From: José Miguel Parrella Romero <firstname.lastname@example.org>
- Date: Wed, 2 Feb 2011 14:32:51 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type; bh=XobLSSpGoi1qkA4Gwhw4oNjRzoqpBwn23CU5i1tHXq8=; b=ltmwfUSbZUc6K4mJKZPA3IqFknTRMtgX0GHEBrIbhOODGOG9uHHE6gq6Bo0QhOKpoD HG2GfUhxD26FaqOawnZ1tnHHROnIJ1m/nN2X74BeJm5ljOQA3RSRdhjXmUcRCXn6napP WBie3Yfh3NAZaVeVKIUzAH5evF0GKV/SNXbEQ=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=pnTw3GS+BmuR1Bg3dDcGdXEf6Awjwlevu516ddRI9f3e2WbNHIkQ1n2hsONHSNtM2Y SymkMaS8w3cjUqdPooroXdpHqPy3tzRnd8b1ar1Au6Xwm439ydBHGEkzDp+cQGjnbIMh TD34fE7P8llt7pSUucYrDQcAcs0OYAsWRS60o=
I've written a Perl class to be used with back-perl. I'm able to load
this class from slapd.conf using a different suffix than my
traditional hdb database. Say, for example, my hdb database is serving
the dc=my,dc=net suffix, and my Perl is serving dc=perl,dc=my,dc=net.
This effectively prevents me from "catching" user password
modifications in dc=my,dc=net. If I use the subordinate keyword on my
Perl database I'm able to see searches spanning through my
dc=perl,dc=my,dc=net, but then again, modifications on users in
dc=my,dc=net aren't seen by the Perl backend.
I've tried different approaches for this, but as of now I guess my
only chance is to actually "proxy" the LDAP operations from Perl using
the LDAP library to the dc=my,dc=net suffix in order to get a seamless
experience and achieve my goal of user password manipulation. This is
what I've seen in (really old) projects such as acctsync in
So, my question is: can I use both backends in the same suffix, so
only some LDAP operations get overriden in Perl and others "pass
through" the physical backend? And if not, what would be your strategy
to achieve this goal?
My last plan is to store passwords in plaintext, create an ACL to
prevent everyone but a non-human role to read userPassword and move
along, but I'd feel terrible about this.
By the way, thanks for making such an awesome piece of software.