On Mon, 26 Jan 2009, Jonathan Knight wrote:
[...cut...]
I'm battling the Blackboard WebCT Vista product which allows me to specify attributes to look up for the username, but does not allow me to specifically define the search filter.
My plan is to use the rewrite/remap overlay to create a fake hierarchy within
[...cut...]
Well, configuring OpenLDAP Software in the name of workarounds for poorly designed clients is a slippery slope (albeit all too often necessary)...your best bet is of course client enhancement. With that said...
I think you're making this harder than it needs to be, or at least in a way that I find less intuitive. If you can configure a bind DN, might I suggest:
access to dn.subtree="ou=People,dc=example,dc=com" filter="(isAWebCTUser=FALSE)" by dn.exact="cn=pullTheWoolOverMyEyes,dc=example,dc=com" none by * none break
# [...add more here, possibly w/ (isAWebCTUser=TRUE)...]
If you can't configure the bind DN, you can back-relay your database and apply a similar ACL. I believe the bind DN will have lower overhead than the back-relay, although they're both relatively cheap in the grand scheme of things.