Hi,
As we store a lot of information in our LDAP server, we are looking to simplify and optimize our LDAP strucutre.
Actually we have plenty OUs (like people and vpn shown hereunder) and lot of fields are duplicate (same fields with same content in different OUs). As this is not optimum and makes us push any change for a user into all concerned OUs, we woul like to use aliasing to avoid duplicating entries:
This is an example of what a user would look like: dn: uid=1,ou=people,dc=red,dc=com objectClass: organizationalPerson objectClass: person objectClass: top objectClass: extensibleObject cn: Frank sn: Moses givenName: Frank Moses mail: frank.moses@red.com userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX uid: 1
This is an example of what is to be found in the vpn account of the same user (we have home made schemas, so there are some special attributes): dn: uid=1,ou=vpn,dc=red,dc=com objectClass: top objectClass: openvpn objectClass: extensibleObject uid: 1 cn: Frank sn: Moses userUid: 1 vpnEnabled: TRUE mail: frank.moses@red.com userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
As you can see fields cn, sn, mail are the same in both... We would like to change this to make our LDAP more dynamic. Therefore, we changed the vpn account to: dn: uid=1,ou=vpn,dc=red,dc=com objectClass: top objectClass: openvpn objectClass: extensibleObject objectClass: alias uid: 1 aliasedObjectName: uid=1,ou=people,dc=red,dc=com userUid: 1 vpnEnabled: TRUE
But when requesting the server with ldapsearch it seems not to work, or maybe we just are missing someting...! For example when requesting the cn of the vpn user we would like to have the cn field in the "uid=1,ou=people,dc=red,dc=com" account.
Our search: ldapsearch -W -D "cn=admin,dc=red,dc=com" -x -b 'uid=1,ou=vpn,dc=red,dc=com' cn
Gives: # extended LDIF # # LDAPv3 # base <uid=1,ou=vpn,dc=red,dc=com> with scope subtree # filter: (objectclass=*) # requesting: cn #
# 1, vpn, red.com dn: uid=1,ou=vpn,dc=red,dc=com
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
But no "cn" value returned... What are we doing wrong ?
Thank you, Best regards, ZP