Hi All,
I'm looking for some help in writing a rewrite rule or some other back-ldap etc. to "masquerade" some groupOfNames objects as posixGroups - the reason for this is to allow me to move forward with implementing "proper" groups within the LDAP server for use with ACLs etc. but to provide backwards compatibility / inter-operability with clients that don't [yet] support groupOfNames.
I started some work on this a while ago but never got anywhere - only managed to ever get the server to tell me my rules were invalid and it wouldn't start - annoyingly I deleted the rules from the slapd file and now can't find the test copy that had them around... so starting afresh basically and hoping someone else has done this or similar so I don't need to re-invent the wheel.
TIA Shane.
Shane wrote:
> Hi All,
> I'm looking for some help in writing a rewrite rule or some other back-ldap etc. to "masquerade" some groupOfNames objects as posixGroups - the reason for this is to allow me to move forward with implementing "proper" groups within the LDAP server for use with ACLs etc. but to provide backwards compatibility / inter-operability with clients that don't [yet] support groupOfNames.
> I started some work on this a while ago but never got anywhere - only managed to ever get the server to tell me my rules were invalid and it wouldn't start - annoyingly I deleted the rules from the slapd file and now can't find the test copy that had them around... so starting afresh basically and hoping someone else has done this or similar so I don't need to re-invent the wheel.

It's simply impossible, since the two objectclasses require different attributes whose syntax is incompatible; no wonder you didn't succeed. What you could do is write some specific code (an overlay) that presents posixGroups as groupOfNames (or vice-versa, as in your case), but in that case I'd rather sanitize my database.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
openldap-software@openldap.org
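
The mismatch described in the reply, as an added example that is not part of the thread: groupOfNames stores `member` values as DNs, while posixGroup (RFC 2307) requires an integer `gidNumber` and carries `memberUid` login names as IA5 strings, so an offline conversion has to supply data the source entry does not hold. The dict layout, the `gid_numbers` map, the sample entry and the assumption that member DNs start with a `uid=` RDN are all illustrative.

```python
import re

# Constructed sample entry (not from the thread): a groupOfNames as a dict.
SAMPLE = {
    "dn": "cn=admins,ou=groups,dc=example,dc=com",
    "objectClass": ["groupOfNames"],
    "cn": ["admins"],
    "member": [
        "uid=alice,ou=people,dc=example,dc=com",
        "uid=bob,ou=people,dc=example,dc=com",
    ],
}

def first_rdn(dn):
    """Return (attribute type, value) of the leftmost RDN of a DN string."""
    # Simplification: split at the first comma not preceded by a backslash;
    # multi-valued RDNs ("a=1+b=2") are not handled.
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    attr, sep, value = rdn.partition("=")
    if not sep:
        raise ValueError(f"not a DN: {dn!r}")
    return attr.strip().lower(), value.strip()

def to_posix_group(entry, gid_numbers):
    """Build a posixGroup entry from a groupOfNames entry.

    gid_numbers is a hypothetical {cn: gidNumber} map chosen by the admin;
    groupOfNames has no attribute this value could be derived from.
    """
    cn = entry["cn"][0]
    if cn not in gid_numbers:
        raise KeyError(f"no gidNumber assigned for group {cn!r}")
    uids = []
    for dn in entry.get("member", []):
        attr, value = first_rdn(dn)
        if attr != "uid":
            # e.g. cn=... members: the login name needs a directory lookup.
            raise ValueError(f"cannot derive memberUid from {dn!r}")
        value.encode("ascii")  # memberUid is IA5String: reject non-ASCII
        uids.append(value)
    return {
        "dn": entry["dn"],
        "objectClass": ["posixGroup"],
        "cn": [cn],
        "gidNumber": [str(gid_numbers[cn])],
        "memberUid": uids,
    }
```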