Hi all,
I'm trying to set up an LDAP server with openldap 2.3 and I need some guidance about how to do it.
Let me explain:
My company already has a central LDAP server (openldap 2.2) on which I can find all users and authenticate them, but the corresponding attributes (homedir, shell, gidnumber) aren't relevant for my department. My problem is that I want to use the central LDAP server for authentication purposes and store the other data locally.
Yeah, it seems easy to solve using the rwm overlay and an ldap backend, but it isn't, because the users are located in different OUs on the remote LDAP server.
So here is the relevant part of my slapd.conf, which works great for the first user unit:
####################################
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext bindDN
# path to the remote users : ou="unit_number",ou=people,dc=example,dc=com
# path to the local users : cn=users,dc=local,dc=example,dc=com
rwm-rewriteRule "^uid=([^,]+),cn=users,dc=local,dc=example,dc=com$" "uid=$1,ou=unit_1,ou=people,dc=example,dc=com" ":@"
# Database for remote Authentication
database ldap
suffix "ou=people,dc=example,dc=com"
uri "ldap://remote-ldap.example.com:389/"
restrict read write extended
# Local Database
database bdb
suffix "dc=local,dc=example,dc=com"
####################################
I tried to complete my setup by adding a line like:
uri "ldap://remote-ldap.example.com:389/ou=people,dc=example,dc=com??sub?(&(objectClass=posixAccount)(uid=$1))"
but the ldap backend isn't designed to do that ^^
So, is there a way to work around it?
Thanks for your help,
Frava.
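As an added illustration (not part of the original post or of OpenLDAP), here is a small Python model of the two DN-mapping strategies the question is about: the post's static single-unit rwm-rewriteRule beside a lookup that searches the uid across every unit under ou=people before binding. The remote tree, the uids and the password are constructed sample data, and the search and bind are only emulated in memory.

```python
import re

# Constructed stand-in for the remote openldap 2.2 tree: users spread over several units.
REMOTE_DNS = [
    "uid=alice,ou=unit_1,ou=people,dc=example,dc=com",
    "uid=bob,ou=unit_2,ou=people,dc=example,dc=com",
    "uid=carol,ou=unit_7,ou=people,dc=example,dc=com",
    "uid=dave,ou=unit_1,ou=people,dc=example,dc=com",
    "uid=dave,ou=unit_3,ou=people,dc=example,dc=com",   # same uid in two units (ambiguous)
]
REMOTE_PASSWORDS = {dn: "secret" for dn in REMOTE_DNS}   # constructed credentials

LOCAL_DN_RE = re.compile(r"^uid=([^,]+),cn=users,dc=local,dc=example,dc=com$")
REMOTE_DN_RE = re.compile(r"^uid=([^,]+),ou=([^,]+),ou=people,dc=example,dc=com$")

def rewrite_static(local_dn):
    """Same mapping as the post's rwm-rewriteRule: every local uid is sent to ou=unit_1."""
    m = LOCAL_DN_RE.match(local_dn)
    if not m:
        return None   # rule does not match; slapd would pass the DN through untouched
    return f"uid={m.group(1)},ou=unit_1,ou=people,dc=example,dc=com"

def resolve_by_search(local_dn):
    """Emulates a subtree search for (uid=...) under ou=people and returns the unique DN.
    Returns None when the uid is unknown or appears in more than one unit, so an
    ambiguous account is never bound against the wrong entry."""
    m = LOCAL_DN_RE.match(local_dn)
    if not m:
        return None
    hits = []
    for dn in REMOTE_DNS:
        r = REMOTE_DN_RE.match(dn)
        if r and r.group(1) == m.group(1):
            hits.append(dn)
    return hits[0] if len(hits) == 1 else None

def remote_bind(dn, password):
    """Stand-in for a simple bind against the remote server."""
    return dn is not None and REMOTE_PASSWORDS.get(dn) == password

def authenticate(local_dn, password, resolver):
    """Map the local DN with `resolver`, then bind remotely; returns (remote_dn, ok)."""
    remote_dn = resolver(local_dn)
    return remote_dn, remote_bind(remote_dn, password)
```

With the static rule, a user from unit_2 is rewritten to a DN that does not exist and the bind fails; the search-based resolver finds the right unit but deliberately refuses a uid that exists in two units.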