Re: need an overlay for rewriting attribute values

[Howard Chu <hyc@symas.com>]

Thomas Wunder wrote:
> Hi,
> I need some kind of overlay which allows me to rewrite attribute values. I.e. if there's an object
>    "cn=a,ou=src,dc=my,dc=com" which has attributes like
>       memberUid="uid=usrA,ou=rest,ou=of,dc=the,dc=dn" and
>       memberUid="uid=usrB,ou=rest,ou=of,dc=the,dc=dn"
> I want that overlay to suffixmassage (or whatever) it to an object like
>    "cn=b,ou=dst,dc=my,dc=com" where for example
>       memberUid="usrA"
>       memberUid="usrB"
> but the rest (i.e. other Attributes like 'gidNumber', 'userPassword',
'description',...) of the object should be identical to the 'source'-object.
> The whole thing is needed because slapo-autogroup puts in full DNs as
attribute values but my client programs (e.g. nss-ldapd) expect only a plain
username to be there. In practical this means that I need to have that overlay
to split the values of a particular type of attribute (like 'memberUid') and
extract a particular part of it.

You're misusing the schema here. The memberUid attribute is only for simple 
user IDs, not DNs.

> It would be very nice if it was possible to use regular expressions with
backreferences for matching/rewriting the values or if there was a chance to
'plug in' an external program which accomplishes that job. (As far as i know
slapo-rwm is only capable of rewriting dn's and attribute names etc. but no
values, isn't it? So i need something else...)

slapo-rwm rewrites DNs in DN-valued attributes as well. "DN-valued" meaning 
that the attribute's syntax is distinguishedName. It does not rewrite any 
other attributes.

> Thanks in advance!
>   Tom


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/