5:57 a.m.
Hi !
I have a branch "ou=people" where RDN are in the form "X1234" and
NEVER
change for one people.
Ex. : uid=X1234,ou=people,dc=example,dc=org
In this node, I have the login under "eduPersonPrincipalName" attribute
which MAY change.
Some applications doesn't allow us to define which login to use and so take
"uid" attribute by default, not so cool.
Is there any possibility in OpenLDAP to duplicate dynamically an OU with
another RDN to have for example :
uid=sylvain,ou=peoplebis,dc=example,dc=org ?
Best regards,
Sylvain
6:32 a.m.
On 04/29/14 14:57 +0200, Sylvain wrote:
Hi !
I have a branch "ou=people" where RDN are in the form "X1234" and
NEVER
change for one people.
Ex. : uid=X1234,ou=people,dc=example,dc=org
In this node, I have the login under "eduPersonPrincipalName" attribute
which MAY change.
Some applications doesn't allow us to define which login to use and so take
"uid" attribute by default, not so cool.
Is there any possibility in OpenLDAP to duplicate dynamically an OU with
another RDN to have for example :
uid=sylvain,ou=peoplebis,dc=example,dc=org ?
The rwm overlay should handle this. Point your broken applications to a
unique suffix (e.g. dc=example,dc=org,dc=brokenapps), which overwrites the
incoming DN to use eduPersonPrincipalName instead of uid. See slapo-rwm(5).
--
Dan White
11:28 p.m.
2014-04-29 15:32 GMT+02:00 Dan White <dwhite(a)olp.net>:
On 04/29/14 14:57 +0200, Sylvain wrote:
> Hi !
>
> I have a branch "ou=people" where RDN are in the form "X1234" and
NEVER
> change for one people.
> Ex. : uid=X1234,ou=people,dc=example,dc=org
>
> In this node, I have the login under "eduPersonPrincipalName" attribute
> which MAY change.
>
> Some applications doesn't allow us to define which login to use and so
> take
> "uid" attribute by default, not so cool.
>
> Is there any possibility in OpenLDAP to duplicate dynamically an OU with
> another RDN to have for example :
> uid=sylvain,ou=peoplebis,dc=example,dc=org ?
>
The rwm overlay should handle this. Point your broken applications to a
unique suffix (e.g. dc=example,dc=org,dc=brokenapps), which overwrites the
incoming DN to use eduPersonPrincipalName instead of uid. See slapo-rwm(5).
You could also use alias if the application supports them. With LSC (
http://lsc-project.org) it is really is to create a synchronization task
that will create aliases in a new branch.
Clément.
5:03 a.m.
Clément OUDOT wrote:
2014-04-29 15:32 GMT+02:00 Dan White <dwhite(a)olp.net
<mailto:dwhite@olp.net>>:
On 04/29/14 14:57 +0200, Sylvain wrote:
Hi !
I have a branch "ou=people" where RDN are in the form "X1234"
and NEVER
change for one people.
Ex. : uid=X1234,ou=people,dc=__example,dc=org
In this node, I have the login under "eduPersonPrincipalName"
attribute
which MAY change.
Some applications doesn't allow us to define which login to use and so
take
"uid" attribute by default, not so cool.
Is there any possibility in OpenLDAP to duplicate dynamically an OU with
another RDN to have for example :
uid=sylvain,ou=peoplebis,dc=__example,dc=org ?
The rwm overlay should handle this. Point your broken applications to a
unique suffix (e.g. dc=example,dc=org,dc=__brokenapps), which overwrites the
incoming DN to use eduPersonPrincipalName instead of uid. See slapo-rwm(5).
You could also use alias if the application supports them. With LSC
(http://lsc-project.org) it is really is to create a synchronization task that
will create aliases in a new branch.
That is a horrible suggestion, for multiple reasons. E.g., Aliases only work
on Search requests. Most LDAP servers don't even implement aliases, they're a
bad idea that should be eradicated from practice.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
10:38 a.m.
Howard Chu wrote:
Clément OUDOT wrote:
> You could also use alias if the application supports them. With LSC
> (http://lsc-project.org) it is really is to create a synchronization task that
> will create aliases in a new branch.
That is a horrible suggestion, for multiple reasons. E.g., Aliases only work
on Search requests. Most LDAP servers don't even implement aliases, they're a
bad idea that should be eradicated from practice.
I wholeheartly agree.
Aliases are a broken concept and should be avoided just like referrals.
Ciao, Michael.
1:37 a.m.
I didn't know rwm overlay, it sounds very cool, I'll try next week, many
thanks :)
Sylvain
2014-04-29 15:32 GMT+02:00 Dan White <dwhite(a)olp.net>:
On 04/29/14 14:57 +0200, Sylvain wrote:
> Hi !
>
> I have a branch "ou=people" where RDN are in the form "X1234" and
NEVER
> change for one people.
> Ex. : uid=X1234,ou=people,dc=example,dc=org
>
> In this node, I have the login under "eduPersonPrincipalName" attribute
> which MAY change.
>
> Some applications doesn't allow us to define which login to use and so
> take
> "uid" attribute by default, not so cool.
>
> Is there any possibility in OpenLDAP to duplicate dynamically an OU with
> another RDN to have for example :
> uid=sylvain,ou=peoplebis,dc=example,dc=org ?
>
The rwm overlay should handle this. Point your broken applications to a
unique suffix (e.g. dc=example,dc=org,dc=brokenapps), which overwrites the
incoming DN to use eduPersonPrincipalName instead of uid. See slapo-rwm(5).
--
Dan White
3436
days inactive
3439
days old
openldap-technical@openldap.org
5 comments
5 participants
participants (5)
-
Clément OUDOT -
Dan White -
Howard Chu -
Michael Ströder -
Sylvain