2:30 a.m.
Hi,
I've to convert a LDAP base from a suffix to another suffix.
The backend and directive relay works fine. I've also to change RDN of
some entries. The new RDN is based on mail attribut instead of uid.
How can I do this, using slapo-rwm and rewriteRules ?
Regards,
--
Raphaël 'SurcouF' Bordet
8:22 a.m.
I'm not entirely sure, but I think you're asking to rewrite attribute
values (aka "right hand sides"), e.g.:
[on disk you have]
attribute: value=something,base=oldBase
[but you want the clients to see]
attribute: value=something,base=newBase
You should be able to do this by rewriting searchAttrDN. Of course this
only works for DN-syntax attributes. If you're (ab)using Directory Strings
for this, then it's not going to happen without a custom overlay.
On Mon, 5 May 2008, Rapha�l 'SurcouF' Bordet wrote:
Hi,
I've to convert a LDAP base from a suffix to another suffix.
The backend and directive relay works fine. I've also to change RDN of
some entries. The new RDN is based on mail attribut instead of uid.
How can I do this, using slapo-rwm and rewriteRules ?
Regards,
--
Raphaël 'SurcouF' Bordet
6:35 a.m.
Le lundi 05 mai 2008 à 11:22 -0400, Aaron Richton a écrit :
I'm not entirely sure, but I think you're asking to rewrite
attribute
values (aka "right hand sides"), e.g.:
[on disk you have]
attribute: value=something,base=oldBase
[but you want the clients to see]
attribute: value=something,base=newBase
You should be able to do this by rewriting searchAttrDN. Of course this
only works for DN-syntax attributes. If you're (ab)using Directory Strings
for this, then it's not going to happen without a custom overlay.
Hi,
You've probably misunderstood my request.
An example will be more efficient :
I've some entries like this:
dn: uid=raphael.bordet,dc=xxx,dc=yy
objectclass: top
objectclass: person
uid: raphael.bordet
mail: raphael.bordet(a)microsoft.com
I want to translate this entrie to this :
dn: mail=raphael.bordet(a)microsoft.com,dc=xxx,dc=yy
objectclass: top
objectclass: person
uid: raphael.bordet
mail: raphael.bordet(a)microsoft.com
How can I do this ?
Regards,
--
Raphaël SurcouF
4:08 p.m.
Raphaël 'SurcouF' Bordet wrote:
You've probably misunderstood my request.
An example will be more efficient :
I've some entries like this:
dn: uid=raphael.bordet,dc=xxx,dc=yy
objectclass: top
objectclass: person
uid: raphael.bordet
mail: raphael.bordet(a)microsoft.com
I want to translate this entrie to this :
dn: mail=raphael.bordet(a)microsoft.com,dc=xxx,dc=yy
objectclass: top
objectclass: person
uid: raphael.bordet
mail: raphael.bordet(a)microsoft.com
How can I do this ?
You need something like
database relay
suffix "o=Example,c=US"
relay "dc=example,dc=com"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteMap ldap mail2uid
"ldap://:9011/dc=example,dc=com?uid?sub"
rwm-rewriteMap ldap uid2mail
"ldap://:9011/dc=example,dc=com?mail?sub"
rwm-rewriteContext default
rwm-rewriteRule "^(.+,)?(mail=[^,]+),o=Example,c=US$"
"$1uid=${mail2uid($2)},dc=example,dc=com" ":@I"
rwm-rewriteRule "^(.+,)?o=Example,c=US$"
"$1dc=example,dc=com" ":@I"
rwm-rewriteContext searchEntryDN
rwm-rewriteRule "^(.+,)?(uid=[^,]+),dc=example,dc=com$"
"$1mail=${uid2mail($2)},o=Example,c=US" ":@I"
rwm-rewriteRule "^(.+,)?dc=example,dc=com$"
"$1o=Example,c=US" ":@I"
but it's ugly and inefficient. See slapo-rwm(5) for details.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
4:27 p.m.
Pierangelo Masarati wrote:
You need something like
database relay
suffix "o=Example,c=US"
relay "dc=example,dc=com"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteMap ldap mail2uid
"ldap://:9011/dc=example,dc=com?uid?sub"
rwm-rewriteMap ldap uid2mail
"ldap://:9011/dc=example,dc=com?mail?sub"
but it's ugly and inefficient. See slapo-rwm(5) for details.
Looks like we need to add "slapd" map info to slapo-rwm(5).
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
3:06 a.m.
Le jeudi 08 mai 2008 à 01:08 +0200, Pierangelo Masarati a écrit :
Raphaël 'SurcouF' Bordet wrote:
> You've probably misunderstood my request.
> An example will be more efficient :
>
> I've some entries like this:
>
> dn: uid=raphael.bordet,dc=xxx,dc=yy
> objectclass: top
> objectclass: person
> uid: raphael.bordet
> mail: raphael.bordet(a)microsoft.com
>
> I want to translate this entrie to this :
>
> dn: mail=raphael.bordet(a)microsoft.com,dc=xxx,dc=yy
> objectclass: top
> objectclass: person
> uid: raphael.bordet
> mail: raphael.bordet(a)microsoft.com
>
> How can I do this ?
You need something like
Hi,
Thanks for this tips, it's works fine.
database relay
suffix "o=Example,c=US"
relay "dc=example,dc=com"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteMap ldap mail2uid
"ldap://:9011/dc=example,dc=com?uid?sub"
rwm-rewriteMap ldap uid2mail
"ldap://:9011/dc=example,dc=com?mail?sub"
rwm-rewriteContext default
rwm-rewriteRule "^(.+,)?(mail=[^,]+),o=Example,c=US$"
"$1uid=${mail2uid($2)},dc=example,dc=com" ":@I"
Why this rule is needed ?
rwm-rewriteRule "^(.+,)?o=Example,c=US$"
"$1dc=example,dc=com" ":@I"
This rule isn't needed when I'm using "massage" argument for
"relay"
directive.
rwm-rewriteContext searchEntryDN
rwm-rewriteRule "^(.+,)?(uid=[^,]+),dc=example,dc=com$"
"$1mail=${uid2mail($2)},o=Example,c=US" ":@I"
This rule work fine. I've tried to do the same rule for departmentNumber
and departmentUID RDN change but slapd doesn't start if I set this
following rules :
rwm-rewriteContext searchEntryDN
rwm-rewriteRule "^(.+,)?(uid=[^,]+),dc=example,dc=com$"
"$1mail={uid2mail($2)},o=Example,c=US" ":I"
rwm-rewriteRule "^(.+,)?(departmentUID=[^,]+),dmdName=[^,]+,dc=[a-zA-Z]+,dc=example,dc=com$"
"$1departmentNumber={uid2number($2)},ou=services,o=Example,c=US$"
":@I"
rwm-rewriteRule "^(.+,)?dc=example,dc=com$"
"$1o=Example,c=US" ":@I"
This rule isn't needed when I'm using "massage" argument for
"relay"
directive.
Last question : can I modify returned attribute value using rwm ?
Regards,
--
Raphaël 'SurcouF' Bordet
11:57 a.m.
Raphaël 'SurcouF' Bordet wrote:
Thanks for this tips, it's works fine.
> database relay
> suffix "o=Example,c=US"
> relay "dc=example,dc=com"
> overlay rwm
> rwm-rewriteEngine on
> rwm-rewriteMap ldap mail2uid
> "ldap://:9011/dc=example,dc=com?uid?sub"
> rwm-rewriteMap ldap uid2mail
> "ldap://:9011/dc=example,dc=com?mail?sub"
>
> rwm-rewriteContext default
> rwm-rewriteRule "^(.+,)?(mail=[^,]+),o=Example,c=US$"
> "$1uid=${mail2uid($2)},dc=example,dc=com" ":@I"
Why this rule is needed ?
> rwm-rewriteRule "^(.+,)?o=Example,c=US$"
> "$1dc=example,dc=com" ":@I"
This rule isn't needed when I'm using "massage" argument for
"relay"
directive.
The "massage" directive automatically instantiates the equivalent of
this rule, and more. I rather configure those rules manually to be able
to fine-grain control the order of execution of rules.
> rwm-rewriteContext searchEntryDN
> rwm-rewriteRule "^(.+,)?(uid=[^,]+),dc=example,dc=com$"
> "$1mail=${uid2mail($2)},o=Example,c=US" ":@I"
This rule work fine. I've tried to do the same rule for departmentNumber
and departmentUID RDN change but slapd doesn't start if I set this
following rules :
rwm-rewriteContext searchEntryDN
rwm-rewriteRule "^(.+,)?(uid=[^,]+),dc=example,dc=com$"
"$1mail={uid2mail($2)},o=Example,c=US" ":I"
rwm-rewriteRule "^(.+,)?(departmentUID=[^,]+),dmdName=[^,]+,dc=[a-zA-Z]+,dc=example,dc=com$"
"$1departmentNumber={uid2number($2)},ou=services,o=Example,c=US$"
":@I"
Did you define the uid2number map?
> rwm-rewriteRule "^(.+,)?dc=example,dc=com$"
> "$1o=Example,c=US" ":@I"
This rule isn't needed when I'm using "massage" argument for
"relay"
directive.
See above.
Last question : can I modify returned attribute value using rwm ?
Only DN-valued attributes. It (intentionally) doesn't work for other attrs.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
12:29 p.m.
Pierangelo Masarati <ando(a)sys-net.it> wrote:
Only DN-valued attributes. It (intentionally) doesn't work for
other
attrs.
Why? I recently atempted to use it and gave up because of that.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu(a)netbsd.org
2:25 p.m.
Emmanuel Dreyfus wrote:
Pierangelo Masarati <ando(a)sys-net.it> wrote:
> Only DN-valued attributes. It (intentionally) doesn't work for other
> attrs.
Why? I recently atempted to use it and gave up because of that.
Because the purpose of slapo-rwm is to muck with naming contexts to
implement virtual views on data. Arbitrary access to attribute values
means mucking with users' data, which is considered a bad practice. In
any case, feel free to remove that limitation by modifying slapo-rwm's code.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
8:32 p.m.
Pierangelo Masarati <ando(a)sys-net.it> wrote:
Because the purpose of slapo-rwm is to muck with naming contexts to
implement virtual views on data. Arbitrary access to attribute values
means mucking with users' data, which is considered a bad practice. In
any case, feel free to remove that limitation by modifying slapo-rwm's code.
The attribute I wanted to remap was handled by slapo-dynlist. I already
addressed that in slapo-dynlist itself.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu(a)netbsd.org
7:02 a.m.
Le mardi 13 mai 2008 à 20:57 +0200, Pierangelo Masarati a écrit :
Raphaël 'SurcouF' Bordet wrote:
> Thanks for this tips, it's works fine.
>
>> database relay
>> suffix "o=Example,c=US"
>> relay "dc=example,dc=com"
>> overlay rwm
>> rwm-rewriteEngine on
>> rwm-rewriteMap ldap mail2uid
>> "ldap://:9011/dc=example,dc=com?uid?sub"
>> rwm-rewriteMap ldap uid2mail
>> "ldap://:9011/dc=example,dc=com?mail?sub"
>>
>> rwm-rewriteContext default
>> rwm-rewriteRule "^(.+,)?(mail=[^,]+),o=Example,c=US$"
>> "$1uid=${mail2uid($2)},dc=example,dc=com" ":@I"
>
> Why this rule is needed ?
>
>> rwm-rewriteRule "^(.+,)?o=Example,c=US$"
>> "$1dc=example,dc=com" ":@I"
>
> This rule isn't needed when I'm using "massage" argument for
"relay"
> directive.
The "massage" directive automatically instantiates the equivalent of
this rule, and more. I rather configure those rules manually to be able
to fine-grain control the order of execution of rules.
>> rwm-rewriteContext searchEntryDN
>> rwm-rewriteRule "^(.+,)?(uid=[^,]+),dc=example,dc=com$"
>> "$1mail=${uid2mail($2)},o=Example,c=US" ":@I"
>
> This rule work fine. I've tried to do the same rule for departmentNumber
> and departmentUID RDN change but slapd doesn't start if I set this
> following rules :
>
> rwm-rewriteContext searchEntryDN
> rwm-rewriteRule "^(.+,)?(uid=[^,]+),dc=example,dc=com$"
> "$1mail={uid2mail($2)},o=Example,c=US" ":I"
>
rwm-rewriteRule "^(.+,)?(departmentUID=[^,]+),dmdName=[^,]+,dc=[a-zA-Z]+,dc=example,dc=com$"
> "$1departmentNumber={uid2number($2)},ou=services,o=Example,c=US$"
> ":@I"
Did you define the uid2number map?
Yes I've theses following directives :
rwm-rewriteMap ldap number2uid
"ldap://:389/dc=example,dc=com?departmentUID?sub"
rwm-rewriteMap ldap uid2number
"ldap://:389/dc=example,dc=com?departmentNumber?sub"
>> rwm-rewriteRule
"^(.+,)?dc=example,dc=com$"
>> "$1o=Example,c=US" ":@I"
>
> This rule isn't needed when I'm using "massage" argument for
"relay"
> directive.
See above.
> Last question : can I modify returned attribute value using rwm ?
Only DN-valued attributes. It (intentionally) doesn't work for other attrs.
Ok. It's easy to enable ?
--
Raphaël 'SurcouF' Bordet
9:30 a.m.
Raphaël 'SurcouF' Bordet wrote:
>> This rule work fine. I've tried to do the same rule for
departmentNumber
>> and departmentUID RDN change but slapd doesn't start if I set this
>> following rules :
If slapd doesn't start, it's supposed to log something. Try enabling as
much log as needed to understand why it doesn't start.
>>
>> rwm-rewriteContext searchEntryDN
>> rwm-rewriteRule "^(.+,)?(uid=[^,]+),dc=example,dc=com$"
>> "$1mail={uid2mail($2)},o=Example,c=US" ":I"
>>
rwm-rewriteRule "^(.+,)?(departmentUID=[^,]+),dmdName=[^,]+,dc=[a-zA-Z]+,dc=example,dc=com$"
>> "$1departmentNumber={uid2number($2)},ou=services,o=Example,c=US$"
>> ":@I"
> Did you define the uid2number map?
Yes I've theses following directives :
rwm-rewriteMap ldap number2uid
"ldap://:389/dc=example,dc=com?departmentUID?sub"
rwm-rewriteMap ldap uid2number
"ldap://:389/dc=example,dc=com?departmentNumber?sub"
>>> rwm-rewriteRule "^(.+,)?dc=example,dc=com$"
>>> "$1o=Example,c=US" ":@I"
>> This rule isn't needed when I'm using "massage" argument for
"relay"
>> directive.
> See above.
>
>> Last question : can I modify returned attribute value using rwm ?
> Only DN-valued attributes. It (intentionally) doesn't work for other attrs.
Ok. It's easy to enable ?
You need to modify the code. It'll probably check somewhere the syntax
of the attributes, in order to skip mucking with non DN-valued attrs.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
5687
days inactive
5696
days old
openldap-software@openldap.org
11 comments
5 participants
participants (5)
-
Aaron Richton -
Howard Chu -
manu@netbsd.org -
Pierangelo Masarati -
Raphaël 'SurcouF' Bordet