I'm a bit new to the openldap package - my experience really dates back to the X500 QUIPU days in the early 90's so while I understand the priciples, it's the details of the software package that are something of a mystery.
We're implementing LDAP for a variety of applications and we're going to use boolean attributes in the schema to determine whether a service should be enabled or disabled for a particular user.
So, for example, we have an attribute of "kdiremail" which is true if the user is allowed to use the email service and false if their not. This works well with tools like dovecot because we can set up the search filter to only authenticate users who have that attribute set to true.
However, some applications are born into an Active Directory world where such things seem to be unknown.
I'm battling the Blackboard WebCT Vista product which allows me to specify attributes to look up for the username, but does not allow me to specifically define the search filter.
My plan is to use the rewrite/remap overlay to create a fake hierarchy within our exisiting DIT where the search filter values are re-written to include a check to see if kdirvle is true. So then any searches on that DN will only return users who are allowed to use the VLE, I can then point our WebCT service to that basedn.
I think this overlay will do the job I want, but I can see that there are many overlays in the openldap package and I wanted to check with someone more experienced that I am that the rewrite/remap overlay is the right choice for this kind of job.
Jon.