given an entry such as:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com objectclass=mailgroup cn=abuse member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com
i'd like the entry to also include an attribute, generated automatically, based on the rdn of the entry and the superior's rdn. for example:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com objectclass=mailgroup cn=abuse member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com maillocaladdress=abuse@example.com
where maillocaladdress is the automatically generated attribute.
is this possible? it seems like something an overlay might accommodate, so i thought i might try experimenting with slapo-rwm, but wanted to also ask here in the meantime.
thanks -ben
btb@bitrate.net wrote:
given an entry such as:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com objectclass=mailgroup cn=abuse member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com
i'd like the entry to also include an attribute, generated automatically, based on the rdn of the entry and the superior's rdn. for example:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com objectclass=mailgroup cn=abuse member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com maillocaladdress=abuse@example.com
where maillocaladdress is the automatically generated attribute.
is this possible? it seems like something an overlay might accommodate, so i thought i might try experimenting with slapo-rwm, but wanted to also ask here in the meantime.
I doubt that this is possible with slapo-rwm.
But you could at least enforce that attribute values match according to what you've subscribed above with a set-based constraint to avoid having false user input in your data.
For auto-generating values you could customize your LDAP administration UI. Which one are you using?
Ciao, Michael.
On Apr 21, 2012, at 14.12, Michael Ströder wrote:
I doubt that this is possible with slapo-rwm.
thanks, i'd wondered this.
But you could at least enforce that attribute values match according to what you've subscribed above with a set-based constraint to avoid having false user input in your data.
oh, that sounds interesting. if nothing else, it would be a step in that direction. with slapo-constraint, presumably? i've only used it for basic constraints, but i'll go have another read through man 5 slapo-constraint and do some experimenting.
For auto-generating values you could customize your LDAP administration UI. Which one are you using?
for day to day management tasks, apache directory studio.
-ben
btb@bitrate.net wrote:
On Apr 21, 2012, at 14.12, Michael Ströder wrote:
But you could at least enforce that attribute values match according to what you've subscribed above with a set-based constraint to avoid having false user input in your data.
oh, that sounds interesting. if nothing else, it would be a step in that direction. with slapo-constraint, presumably? i've only used it for basic constraints, but i'll go have another read through man 5 slapo-constraint and do some experimenting.
Yes, with slapo-constraint.
Examples (lines partially wrapped):
# cn has to be composed of givenName, space, sn constraint_attribute cn,sn,givenName set "(this/givenName + [ ] + this/sn) & this/cn" restrict="ldap:///ou=People,dc=domain??sub?(objectClass=person)"
# homeDirectory has to be composed like /home/uid constraint_attribute uid,homeDirectory set "([/home/] + this/uid) & this/homeDirectory" restrict="ldap:///ou=People,dc=domain??sub?(objectClass=posixAccount)"
Another option would be to add some external custom code with slapo-sock where an external process listens on a Unix domain socket.
For auto-generating values you could customize your LDAP administration UI. Which one are you using?
for day to day management tasks, apache directory studio.
Doesn't it have a plugin API?
I've implemented something like this in my web2ldap with a custom attribute plugin class which suggests an input value based on different input. Not much work but one extra click needed though because up to now web2ldap does not have a post-process plugin API for the whole entry.
Ciao, Michael.
Hi,
Michael Ströder schrieb (21.04.2012 20:12 Uhr):
btb@bitrate.net wrote:
given an entry such as:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com objectclass=mailgroup cn=abuse member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com
i'd like the entry to also include an attribute, generated automatically, based on the rdn of the entry and the superior's rdn. for example:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com objectclass=mailgroup cn=abuse member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com maillocaladdress=abuse@example.com
where maillocaladdress is the automatically generated attribute.
is this possible? it seems like something an overlay might accommodate, so i thought i might try experimenting with slapo-rwm, but wanted to also ask here in the meantime.
I doubt that this is possible with slapo-rwm.
I'd like to come back to this from a slightly different point.
I have an attribute maildrop which values are like user@server.
Now an application may need the "user" value solely without the "server".
Can I provide the value of "user" (from the attribute maildrop) in a virtual attribute foo with slapo-rwm?
(I must confess I do not fully understand what the slapo-rwm man page wants to tell me.)
Marc
openldap-technical@openldap.org
-
btb@bitrate.net -
Marc Patermann -
Michael Ströder