I have some special requirements for an LDAP installation. I want to use
a central LDAP for a group of users having access to different services.
The user should be able to set a different password for each service. I
try to keep the effort low, therefore I particularly do not want to
modify each of the services. (They all authenticate via ldap-bind.)

To achieve the desired features I tried to use the following entity

The uid=alex entity is the real account, storing the name, uid, the
master password for this account and possibly other attributes. The
"sub"-entities with cn=service* should only store the password, if it is
set to a special value.

Now the problem: It should be possible to find the service entities if
matched against attributes of the "master" account. That means that I want to
search for (uid=alex) and want to find all the three DNs mentioned above
(but only the first DN should keep the real data - I do not want to sync
all data on every change into all "sub"-entities).

What I have tried so far:
- collect-overlay: Apart from the problem that I have to specify the
explicit master DN (it is impossible to specify something like
uid=*,ou=People...), the collected attributes could not be matched
with a filter during ldap search.
- rwm-overlay: I did not find a context where I could rewrite the DN
that is matched against a filter, and I do not know if it is possible.
The searchFilterAttrDN context sounds promising, but I did not find

So what can I do to get it working? It seems that maybe an
ldap-backend or meta-backend proxying the requests to the local server
could be used to achieve that, but I wanted to know if there is any easier

If the attributes are inherited, the ldap-bind with the password fallback
could be achieved in a way with the rwm-overlay:
olcRwmRewrite: rwm-rewriteEngine "on"
olcRwmRewrite: rwm-rewriteMap slapd usermap
olcRwmRewrite: rwm-rewriteContext "bindDN"
olcRwmRewrite: rwm-rewriteRule "^(cn=[^,]+),(uid=[^,]+),.*$"
olcRwmRewrite: rwm-rewriteRule "^cn=[^,]+,(uid=[^,]+),.*$"