10:51 a.m.
given an entry such as:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com
objectclass=mailgroup
cn=abuse
member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com
i'd like the entry to also include an attribute, generated automatically, based on the
rdn of the entry and the superior's rdn. for example:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com
objectclass=mailgroup
cn=abuse
member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com
maillocaladdress=abuse(a)example.com
where maillocaladdress is the automatically generated attribute.
is this possible? it seems like something an overlay might accommodate, so i thought i
might try experimenting with slapo-rwm, but wanted to also ask here in the meantime.
thanks
-ben
11:12 a.m.
btb(a)bitrate.net wrote:
given an entry such as:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com
objectclass=mailgroup
cn=abuse
member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com
i'd like the entry to also include an attribute, generated automatically, based on
the rdn of the entry and the superior's rdn. for example:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com
objectclass=mailgroup
cn=abuse
member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com
maillocaladdress=abuse(a)example.com
where maillocaladdress is the automatically generated attribute.
is this possible? it seems like something an overlay might accommodate, so i thought i
might try experimenting with slapo-rwm, but wanted to also ask here in the meantime.
I doubt that this is possible with slapo-rwm.
But you could at least enforce that attribute values match according to what
you've subscribed above with a set-based constraint to avoid having false user
input in your data.
For auto-generating values you could customize your LDAP administration UI.
Which one are you using?
Ciao, Michael.
11:17 a.m.
On Apr 21, 2012, at 14.12, Michael Ströder wrote:
I doubt that this is possible with slapo-rwm.
thanks, i'd wondered this.
But you could at least enforce that attribute values match according
to what
you've subscribed above with a set-based constraint to avoid having false user
input in your data.
oh, that sounds interesting. if nothing else, it would be a step in that direction. with
slapo-constraint, presumably? i've only used it for basic constraints, but i'll
go have another read through man 5 slapo-constraint and do some experimenting.
For auto-generating values you could customize your LDAP
administration UI.
Which one are you using?
for day to day management tasks, apache directory studio.
-ben
2:24 p.m.
btb(a)bitrate.net wrote:
On Apr 21, 2012, at 14.12, Michael Ströder wrote:
> But you could at least enforce that attribute values match according to what
> you've subscribed above with a set-based constraint to avoid having false user
> input in your data.
oh, that sounds interesting. if nothing else, it would be a step in that
direction. with slapo-constraint, presumably? i've only used it for basic
constraints, but i'll go have another read through man 5 slapo-constraint
and do some experimenting.
Yes, with slapo-constraint.
Examples (lines partially wrapped):
# cn has to be composed of givenName, space, sn
constraint_attribute cn,sn,givenName set
"(this/givenName + [ ] + this/sn) & this/cn"
restrict="ldap:///ou=People,dc=domain??sub?(objectClass=person)"
# homeDirectory has to be composed like /home/uid
constraint_attribute uid,homeDirectory set
"([/home/] + this/uid) & this/homeDirectory"
restrict="ldap:///ou=People,dc=domain??sub?(objectClass=posixAccount)"
Another option would be to add some external custom code with slapo-sock where
an external process listens on a Unix domain socket.
> For auto-generating values you could customize your LDAP
administration UI.
> Which one are you using?
for day to day management tasks, apache directory studio.
Doesn't it have a plugin API?
I've implemented something like this in my web2ldap with a custom attribute
plugin class which suggests an input value based on different input. Not much
work but one extra click needed though because up to now web2ldap does not
have a post-process plugin API for the whole entry.
Ciao, Michael.
7:21 a.m.
Hi,
Michael Ströder schrieb (21.04.2012 20:12 Uhr):
btb(a)bitrate.net wrote:
> given an entry such as:
>
> dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com
> objectclass=mailgroup
> cn=abuse
> member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com
>
> i'd like the entry to also include an attribute, generated automatically, based
on the rdn of the entry and the superior's rdn. for example:
>
> dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com
> objectclass=mailgroup
> cn=abuse
> member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com
> maillocaladdress=abuse(a)example.com
>
> where maillocaladdress is the automatically generated attribute.
>
> is this possible? it seems like something an overlay might accommodate, so i thought
i might try experimenting with slapo-rwm, but wanted to also ask here in the meantime.
I doubt that this is possible with slapo-rwm.
I'd like to come back to this
from a slightly different point.
I have an attribute maildrop which values are like user@server.
Now an application may need the "user" value solely without the
"server".
Can I provide the value of "user" (from the attribute maildrop) in a
virtual attribute foo with slapo-rwm?
(I must confess I do not fully understand what the slapo-rwm man page
wants to tell me.)
Marc
4121
days inactive
4180
days old
openldap-technical@openldap.org
4 comments
3 participants
participants (3)
-
btb@bitrate.net -
Marc Patermann -
Michael Ströder