Hi,
My question is related to "how to hide a namingContext in rootDSE?". But for information, I will explain why I need to configure this.
Ref : http://www.openldap.org/lists/openldap-software/200501/msg00494.html
I have two distinct OpenLDAP servers:
- V1: "o=example"
- V2: "dc=example,dc=com"
I would like to delete the first one, and to allow most of V1's actions on V2:
- respond to the V1 suffix
- take care of DNs in search results
- take care of DNs in uniqueMember
For the moment, I have:
- 1 back-ldap on "o=example":
    rwm-suffixmassage "o=example" "o=example transitional"
    rwm-map attribute uniqueMember tmpUniqueMember
- 1 back-ldap on "o=example transitional":
    rwm-suffixmassage "o=example transitional" "dc=example,dc=com"
    rwm-map attribute tmpUniqueMember uniqueMember
- 1 back-hdb on "dc=example,dc=com":
    data... nothing special
- tmpUniqueMember is defined to inherit from member, and is used by an auxiliary objectclass in my groups
Everything works fine. DNs are rewritten in my uniqueMember values. But I think it is really ugly...
Well now, I have a few questions:
1/ Is there a better way to do this, without rewriting V2 values?
2/ How can I hide my transitional LDAP suffix in the rootDSE?
3/ Could it be possible to close all on this transitional LDAP backend and allow read access only for a particular user which will be used by the first LDAP backend (through acl-bind for example)?
Cheers,
Thomas

--
Thomas Chemineau
Groupe LINAGORA - http://www.linagora.com
Tél.: +33(0)1 58 18 68 28 - Fax : +33(0)1 58 18 68 29