Howard Chu writes:
Thomas Wunder wrote:
The whole thing is needed because slapo-autogroup puts in full DNs as attribute values but my client programs (e.g. nss-ldapd) expect only a plain username to be there. In practical this means that I need to have that overlay to split the values of a particular type of attribute (like 'memberUid') and extract a particular part of it.
You're misusing the schema here. The memberUid attribute is only for simple user IDs, not DNs.
...so you should put DNs in the 'member' attribute like the autogroup doc says. And you could write an overlay which inspects 'member' and creates a 'memberUid' attribute. If you take that route, look at overlay usn in contrib/slapd-modules/ for a "template" if you want memberUid to be maintained when member is updated, or allop or overlays/dynlist if you want the attributes to be generated dynamically for searches. The latter means member and memberUid will guaranteed be in sync, but some operations won't see memberUid - e.g. like filtering for a memberUid, depending on how thoroughly you implement it.