Re: Duplicate dynamically an OU with another RDN ?

[Howard Chu <hyc@symas.com>]

ClÃment OUDOT wrote:
> 2014-04-29 15:32 GMT+02:00 Dan White <dwhite@olp.net <mailto:dwhite@olp.net>>:
>
>     On 04/29/14 14:57 +0200, Sylvain wrote:
>
>         Hi !
>
>         I have a branch "ou=people" where RDN are in the form "X1234" and NEVER
>         change for one people.
>         Ex. : uid=X1234,ou=people,dc=__example,dc=org
>
>         In this node, I have the login under "eduPersonPrincipalName" attribute
>         which MAY change.
>
>         Some applications doesn't allow us to define which login to use and so
>         take
>         "uid" attribute by default, not so cool.
>
>         Is there any possibility in OpenLDAP to duplicate dynamically an OU with
>         another RDN to have for example :
>         uid=sylvain,ou=peoplebis,dc=__example,dc=org ?
>
>
>     The rwm overlay should handle this. Point your broken applications to a
>     unique suffix (e.g. dc=example,dc=org,dc=__brokenapps), which overwrites the
>     incoming DN to use eduPersonPrincipalName instead of uid. See slapo-rwm(5).
>
>
> You could also use alias if the application supports them. With LSC
> (http://lsc-project.org) it is really is to create a synchronization task that
> will create aliases in a new branch.

That is a horrible suggestion, for multiple reasons. E.g., Aliases only work 
on Search requests. Most LDAP servers don't even implement aliases, they're a 
bad idea that should be eradicated from practice.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/