PHILIP LEMBO wrote:
We have a Sun Directory 5.x whose DIT has entry dn's in the format
"uid=xxxxxxx,ou=people,l=region,dc=example,dc=com"
with "region" being the name of each of 4 continents (north america, south america, asia, europe).
What I'd like to do is use the OpenLDAP meta backend to rewrite those dns so that searches against the OpenLDAP server return these dns in the format
"uid=xxxxxxx,ou=people,dc=example,dc=com"
The OpenLDAP server was built with --enable-overlays, as well as --enable-meta and --enable-ldap, in addition to the defaults.
I've looked over the doc for slapd-meta, slapd-ldap, slapo-rwm and slapo-glue, as well as the configs in the distribution test scripts, without coming up with a working slapd.conf to accomplish this.
Questions: (1) Is this possible with any released version of OpenLDAP? (2) If so, does anyone have a working example of a config that they could post here?
It is possible if your sun directory allows you to search for "dc=example,dc=com". In that case, you should use something like

    database ldap
    suffix "dc=example,dc=com"
    uri "ldap://remote/"

    overlay rwm
    rwm-rewriteEngine on
    rwm-rewriteContext default
    rwm-rewriteContext searchEntryDN
    rwm-rewriteRule "(.+,)?l=[^,]+,dc=example,dc=com" "$1dc=example,dc=com" ":@"
    rwm-rewriteContext searchAttrDN alias searchEntryDN
    rwm-rewriteContext matchedDN alias searchEntryDN
    rwm-rewriteContext referralDN alias searchEntryDN

This configuration suffers from a number of problems:
1) you'll get 5 entries whose dn is "dc=example,dc=com", since those with dn "l=something,dc=example,dc=com" will have the "l=something" part stripped.
2) you'll get 4 entries whose dn is "ou=People,dc=example,dc=com" for the same reason above
3) you'll get other duplicate entries if entries with the same dn, except for the "l=something" part, exist
4) you won't be able to access entries directly, because any entry whose dn looks like "<whatever>,dc=example,dc=com" would need to be expanded to "<whatever>,l=something,dc=example,dc=com", which is obviously impossible.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
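
Added example, not part of the original message or of OpenLDAP: the searchEntryDN rule from the reply applied to a constructed DIT, to show which remote entries collapse onto the same DN (problems 1 to 3). It assumes Python's re module as a stand-in for slapd's regex engine, and the uid values are made up.

```python
import re
from collections import defaultdict

# The searchEntryDN pattern from the reply. Assumption: matching is modelled
# as case-insensitive, which is the rewrite engine's default without the 'C' flag.
RULE = re.compile(r"(.+,)?l=[^,]+,dc=example,dc=com", re.IGNORECASE)

def rewrite_dn(dn):
    """Return the DN a client would see after the searchEntryDN rewrite."""
    m = RULE.search(dn)
    if m is None:
        return dn                      # no l=<region> component: unchanged
    # $1 is empty when the entry is the l=<region> container itself
    return (m.group(1) or "") + "dc=example,dc=com"

def collisions(remote_dns):
    """Map each rewritten DN to the remote DNs that collapse onto it."""
    seen = defaultdict(list)
    for dn in remote_dns:
        seen[rewrite_dn(dn)].append(dn)
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample DIT: the suffix, four regions, and in each region a
# people container plus a user with the same uid (hypothetical "jdoe").
REGIONS = ["north america", "south america", "asia", "europe"]
REMOTE = ["dc=example,dc=com"]
for r in REGIONS:
    REMOTE += [f"l={r},dc=example,dc=com",
               f"ou=people,l={r},dc=example,dc=com",
               f"uid=jdoe,ou=people,l={r},dc=example,dc=com"]
# A uid that exists in one region only rewrites to a unique DN.
REMOTE.append("uid=asmith,ou=people,l=europe,dc=example,dc=com")

if __name__ == "__main__":
    for rewritten, sources in collisions(REMOTE).items():
        print(f"{len(sources)} x {rewritten}")
        for s in sources:
            print(f"    <- {s}")
```

Because several remote DNs map to one rewritten DN, the mapping has no inverse, which is problem 4: a client-supplied DN cannot be expanded back to a single region.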