Hello,
I am trying to do what I explain below, but without success... I think I'm doing the attribute mapping badly; maybe it would be better with the rwm overlay?
Could someone put me on the right track?
-> I have this:
------------------------------------------------------------
dc=domain1,dc=local
|__ou=users
   |__ou=standard
      |__cn=JOHN DOE
         |__att: sAMAccountName=DOEJOHN
         |__att: phonenumber=0102030405

dc=domain2,dc=local
|__ou=apps
   |__ou=app1
   |  |__cn=DOEJOHN
   |     |__att: Appval=valuex
   |__ou=app2
      |__cn=DOEJOHN
         |__att: Appval=valuey
------------------------------------------------------------
-> and I want to do this:
------------------------------------------------------------
dc=meta,dc=local
|_ou=users
  |_cn=DOEJOHN
    |_att: phonenumber=0102030405
    |_att: App1val=valuex
    |_att: App2val=valuey
------------------------------------------------------------
-> I do it this way, with the meta backend:
------------------------------------------------------------
#########################################################################
defaultsearchbase dc=meta,dc=local

### database META #####################################################
database meta
suffix dc=meta,dc=local
rootdn "cn=admin,dc=meta,dc=local"
rootpw secret

## AD1 USERS ###
uri "ldap://ad.domain1.local:389/ou=users,dc=meta,dc=local"
suffixmassage "ou=users,dc=meta,dc=local" "ou=users,ou=standard,dc=domain1,dc=local"
idassert-bind bindmethod=simple binddn="CN=reader,DC=domain1,DC=local" credentials="password" mode=self
idassert-authzFrom "dn.regex:.*"
access to * by * read
map attribute uid sAMAccountname

## AD2 APP 1 ###############
uri "ldap://ad.domain2.local:389/ou=users,dc=meta,dc=local"
suffixmassage "ou=users,dc=meta,dc=local" "ou=app1,ou=apps,dc=domain2,dc=local"
idassert-bind bindmethod=simple binddn="CN=reader,DC=domain2,DC=local" credentials="password" mode=self
idassert-authzFrom "dn.regex:.*"
access to * by * read
map attribute uid cn
map attribute App1val Appval

## AD2 APP 2 ###############
uri "ldap://ad.domain2.local:389/ou=users,dc=meta,dc=local"
suffixmassage "ou=users,dc=meta,dc=local" "ou=app2,ou=apps,dc=domain2,dc=local"
idassert-bind bindmethod=simple binddn="CN=reader,DC=domain2,DC=local" credentials="password" mode=self
idassert-authzFrom "dn.regex:.*"
access to * by * read
map attribute uid cn
map attribute App2val Appval

lastmod off
------------------------------------------------------------
I get this result, and it does not really correspond to what I want to get...:
------------------------------------------------------------
[root@server openldap]# ldapsearch -x "uid=DOEJOHN" -H 'ldap://localhost/' -b dc=meta,dc=local -LLL phonenumber App1val App2val
dn: cn=JOHN DOE,ou=users,dc=meta,dc=local
phonenumber: 0102030405

dn: cn=DOEJOHN,ou=users,dc=meta,dc=local
App1val: valuex

dn: cn=DOEJOHN,ou=users,dc=meta,dc=local
App2val: valuey
------------------------------------------------------------
Regards,
--
Greg
On 20/06/2018 at 15:14, ROY Grégory wrote:
Hello,
I am trying to do what I explain below, but without success... I think I'm doing the attribute mapping badly; maybe it would be better with the rwm overlay?
Could someone put me on the right track?
Hello Grégory,
I don't think this is possible with the meta backend and the rwm overlay. You can give the translucent overlay a try, but the man page says it is designed to work with a local database and a remote database, not several remote databases.
For your needs, my approach would have been to create a new LDAP directory that is synchronized with your remote data. You can use, for example, LSC (https://lsc-project.org/) to do this.
Hello Clément,
Thank you for your answer,
I tried with translucent (remote-remote) but was unsuccessful.
My goal was to present to the LDAP client a consolidated view of attributes from several LDAP sources on the fly.
I had come across this old post (http://blog.smile.fr/Les-meta-annuaires-d-entreprise#) that had made me hope for a feature like this (but with a database in this post).
But obviously, it is absolutely necessary to have a local database (translucent) or a new directory synchronized with the other remote directories to do that (but not on the fly). Pity that we cannot combine back_meta and translucent; it would have been perfect for a meta-directory...
Regards,
--
Greg
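
Added example, not part of the original thread and not code from OpenLDAP or LSC: the ldapsearch result above is a union of per-target entries, while the wanted view is a join on the account name. The sketch below shows that join step as a synchronization job into a new directory could perform it; the source names, the sample entries and the helper functions are constructed for illustration, and values are assumed to contain no characters that need DN escaping.

```python
# Added example; all data below is constructed to mirror the thread's layout.
BASE = "ou=users,dc=meta,dc=local"

# (source name, join attribute in that source, {source attr: consolidated attr})
SOURCES = [
    ("domain1", "sAMAccountName", {"phonenumber": "phonenumber"}),
    ("app1", "cn", {"Appval": "App1val"}),
    ("app2", "cn", {"Appval": "App2val"}),
]

ENTRIES = {
    "domain1": [{"cn": ["JOHN DOE"], "sAMAccountName": ["DOEJOHN"],
                 "phonenumber": ["0102030405"]}],
    "app1": [{"cn": ["DOEJOHN"], "Appval": ["valuex"]}],
    "app2": [{"cn": ["DOEJOHN"], "Appval": ["valuey"]},
             {"Appval": ["orphan"]}],  # no join attribute: skipped
}


def get_values(entry, name):
    """Look up an attribute; LDAP attribute names are case-insensitive."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return values
    return []


def consolidate(sources, entries):
    """Join entries from all sources on their key attribute (a join, not a union)."""
    merged = {}
    for source, join_attr, attr_map in sources:
        for entry in entries.get(source, []):
            keys = get_values(entry, join_attr)
            if not keys:
                continue  # cannot be matched to an account
            target = merged.setdefault(keys[0].lower(), {"cn": [keys[0]]})
            for src_attr, dst_attr in attr_map.items():
                for value in get_values(entry, src_attr):
                    if value not in target.setdefault(dst_attr, []):
                        target[dst_attr].append(value)
    return merged


def to_ldif(merged, base=BASE):
    """Render the consolidated entries as LDIF text, one block per account."""
    blocks = []
    for entry in merged.values():
        lines = [f"dn: cn={entry['cn'][0]},{base}"]
        lines += [f"{a}: {v}" for a, vals in entry.items() if a != "cn" for v in vals]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks)


if __name__ == "__main__":
    print(to_ldif(consolidate(SOURCES, ENTRIES)))
```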
openldap-technical@openldap.org