Hi !
I have a branch "ou=people" where RDN are in the form "X1234" and NEVER change for one people. Ex. : uid=X1234,ou=people,dc=example,dc=org
In this node, I have the login under "eduPersonPrincipalName" attribute which MAY change.
Some applications doesn't allow us to define which login to use and so take "uid" attribute by default, not so cool.
Is there any possibility in OpenLDAP to duplicate dynamically an OU with another RDN to have for example : uid=sylvain,ou=peoplebis,dc=example,dc=org ?
Best regards, Sylvain
On 04/29/14 14:57 +0200, Sylvain wrote:
Hi !
I have a branch "ou=people" where RDN are in the form "X1234" and NEVER change for one people. Ex. : uid=X1234,ou=people,dc=example,dc=org
In this node, I have the login under "eduPersonPrincipalName" attribute which MAY change.
Some applications doesn't allow us to define which login to use and so take "uid" attribute by default, not so cool.
Is there any possibility in OpenLDAP to duplicate dynamically an OU with another RDN to have for example : uid=sylvain,ou=peoplebis,dc=example,dc=org ?
The rwm overlay should handle this. Point your broken applications to a unique suffix (e.g. dc=example,dc=org,dc=brokenapps), which overwrites the incoming DN to use eduPersonPrincipalName instead of uid. See slapo-rwm(5).
2014-04-29 15:32 GMT+02:00 Dan White dwhite@olp.net:
On 04/29/14 14:57 +0200, Sylvain wrote:
Hi !
I have a branch "ou=people" where RDN are in the form "X1234" and NEVER change for one people. Ex. : uid=X1234,ou=people,dc=example,dc=org
In this node, I have the login under "eduPersonPrincipalName" attribute which MAY change.
Some applications doesn't allow us to define which login to use and so take "uid" attribute by default, not so cool.
Is there any possibility in OpenLDAP to duplicate dynamically an OU with another RDN to have for example : uid=sylvain,ou=peoplebis,dc=example,dc=org ?
The rwm overlay should handle this. Point your broken applications to a unique suffix (e.g. dc=example,dc=org,dc=brokenapps), which overwrites the incoming DN to use eduPersonPrincipalName instead of uid. See slapo-rwm(5).
You could also use alias if the application supports them. With LSC ( http://lsc-project.org) it is really is to create a synchronization task that will create aliases in a new branch.
Clément.
Clément OUDOT wrote:
2014-04-29 15:32 GMT+02:00 Dan White <dwhite@olp.net mailto:dwhite@olp.net>:
On 04/29/14 14:57 +0200, Sylvain wrote: Hi ! I have a branch "ou=people" where RDN are in the form "X1234" and NEVER change for one people. Ex. : uid=X1234,ou=people,dc=__example,dc=org In this node, I have the login under "eduPersonPrincipalName" attribute which MAY change. Some applications doesn't allow us to define which login to use and so take "uid" attribute by default, not so cool. Is there any possibility in OpenLDAP to duplicate dynamically an OU with another RDN to have for example : uid=sylvain,ou=peoplebis,dc=__example,dc=org ? The rwm overlay should handle this. Point your broken applications to a unique suffix (e.g. dc=example,dc=org,dc=__brokenapps), which overwrites the incoming DN to use eduPersonPrincipalName instead of uid. See slapo-rwm(5).You could also use alias if the application supports them. With LSC (http://lsc-project.org) it is really is to create a synchronization task that will create aliases in a new branch.
That is a horrible suggestion, for multiple reasons. E.g., Aliases only work on Search requests. Most LDAP servers don't even implement aliases, they're a bad idea that should be eradicated from practice.
Howard Chu wrote:
Clément OUDOT wrote:
You could also use alias if the application supports them. With LSC (http://lsc-project.org) it is really is to create a synchronization task that will create aliases in a new branch.
That is a horrible suggestion, for multiple reasons. E.g., Aliases only work on Search requests. Most LDAP servers don't even implement aliases, they're a bad idea that should be eradicated from practice.
I wholeheartly agree. Aliases are a broken concept and should be avoided just like referrals.
Ciao, Michael.
I didn't know rwm overlay, it sounds very cool, I'll try next week, many thanks :)
Sylvain
2014-04-29 15:32 GMT+02:00 Dan White dwhite@olp.net:
On 04/29/14 14:57 +0200, Sylvain wrote:
Hi !
I have a branch "ou=people" where RDN are in the form "X1234" and NEVER change for one people. Ex. : uid=X1234,ou=people,dc=example,dc=org
In this node, I have the login under "eduPersonPrincipalName" attribute which MAY change.
Some applications doesn't allow us to define which login to use and so take "uid" attribute by default, not so cool.
Is there any possibility in OpenLDAP to duplicate dynamically an OU with another RDN to have for example : uid=sylvain,ou=peoplebis,dc=example,dc=org ?
The rwm overlay should handle this. Point your broken applications to a unique suffix (e.g. dc=example,dc=org,dc=brokenapps), which overwrites the incoming DN to use eduPersonPrincipalName instead of uid. See slapo-rwm(5).
-- Dan White
openldap-technical@openldap.org
-
Clément OUDOT -
Dan White -
Howard Chu -
Michael Ströder -
Sylvain