On Apr 21, 2012, at 14.12, Michael Ströder wrote:
> But you could at least enforce that attribute values match according to what
> you've subscribed above with a set-based constraint to avoid having false user
> input in your data.
oh, that sounds interesting. if nothing else, it would be a step in that
direction. with slapo-constraint, presumably? i've only used it for basic
constraints, but i'll go have another read through man 5 slapo-constraint
and do some experimenting.
Yes, with slapo-constraint.
Examples (lines partially wrapped):
# cn has to be composed of givenName, space, sn
constraint_attribute cn,sn,givenName set
"(this/givenName + [ ] + this/sn) & this/cn"
# homeDirectory has to be composed like /home/uid
constraint_attribute uid,homeDirectory set
"([/home/] + this/uid) & this/homeDirectory"
Another option would be to add some external custom code with slapo-sock where
an external process listens on a Unix domain socket.
> For auto-generating values you could customize your LDAP
> Which one are you using?
for day to day management tasks, apache directory studio.
Doesn't it have a plugin API?
I've implemented something like this in my web2ldap with a custom attribute
plugin class which suggests an input value based on different input. Not much
work but one extra click needed though because up to now web2ldap does not
have a post-process plugin API for the whole entry.