Hi, i'm trying to accomplish this kind of attribute and objectclass mapping with slapd-meta:
map objectclass inetOrgPerson User map attribute cn givenName map objectclass groupOfNames Group map attribute cn name
But it seems that attribute mapping affects attributes of all objectclasses, so I obtain a "duplicate attribute mapping" error with lines 2 and 4. How can I establish a per-objectclass attribute mapping so I don't obtain that error?
Thanks in advance!
Dani.
Daniel Montero Motilla wrote:
Hi, i'm trying to accomplish this kind of attribute and objectclass mapping with slapd-meta:
map objectclass inetOrgPerson User map attribute cn givenName map objectclass groupOfNames Group map attribute cn name
But it seems that attribute mapping affects attributes of all objectclasses, so I obtain a "duplicate attribute mapping" error with lines 2 and 4. How can I establish a per-objectclass attribute mapping so I don't obtain that error?
You can't (AFAIK).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
Ok, but taking apart the possibility of explicitly mapping per objectclass, in the example I'm exposing I don't understand the error checking back-meta does, I map foreign 'givenName' to local 'cn' and foreign 'name' to local 'cn', what would be the problem with that? (that is in fact the behaviour I'm looking for).
Regards,
Dani.
2006/11/1, Pierangelo Masarati ando@sys-net.it:
Daniel Montero Motilla wrote:
Hi, i'm trying to accomplish this kind of attribute and objectclass mapping with slapd-meta:
map objectclass inetOrgPerson User map attribute cn givenName map objectclass groupOfNames Group map attribute cn name
But it seems that attribute mapping affects attributes of all objectclasses, so I obtain a "duplicate attribute mapping" error with lines 2 and 4. How can I establish a per-objectclass attribute mapping so I don't obtain that error?
You can't (AFAIK).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it
Daniel Montero Motilla wrote:
Ok, but taking apart the possibility of explicitly mapping per objectclass, in the example I'm exposing I don't understand the error checking back-meta does, I map foreign 'givenName' to local 'cn' and foreign 'name' to local 'cn', what would be the problem with that? (that is in fact the behaviour I'm looking for).
You have the configuration backwards then, since it should be map attribute <local> <remote>
but that's kind of moot. This function is a "mapping" in the mathematical sense - it is 1-to-1 and onto. And it must be, because it is used bidirectionally. I.e., if the backend receives a request for the local attribute, it must map it to the remote before forwarding the request. If you allowed multiple maps to refer to the same local attribute, it would be impossible to decide which to use when forwarding the request.
Since you cannot determine the objectclasses that are involved in the attribute list of a search request, there is no way to provide per-objectclass mapping in that direction.
Nor can you unambiguously do this in the remote-to-local direction since an entry can belong to many objectclasses at once.
Regards,
Dani.
2006/11/1, Pierangelo Masarati ando@sys-net.it:
Daniel Montero Motilla wrote:
Hi, i'm trying to accomplish this kind of attribute and objectclass mapping with slapd-meta:
map objectclass inetOrgPerson User map attribute cn givenName map objectclass groupOfNames Group map attribute cn name
But it seems that attribute mapping affects attributes of all objectclasses, so I obtain a "duplicate attribute mapping" error with lines 2 and 4. How can I establish a per-objectclass attribute mapping so I don't obtain that error?
You can't (AFAIK).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it
Howard Chu wrote:
You have the configuration backwards then, since it should be map attribute <local> <remote>
Never mind that bit, your example was in the proper order.
but that's kind of moot.
It still makes no difference for your main question though.
openldap-software@openldap.org
-
Daniel Montero Motilla -
Howard Chu -
Pierangelo Masarati