> Hi, all > > I need "rewrite rule". For example, when client try authorize as > uid=A,ou=all-users,o=org I want check this uid in two containers: > uid=A,ou=local-users,o=org and uid=A,ou=ext-users,o=org. Is it > possible? > > I read about referral and subordinate. But I want use it on one server > and in one database. Is it possible?
Yes, although not trivial. You should try something like database <any> suffix "ou=local-users,o=org" # ... database <any> suffix "ou=ext-users,o=org" # ... database meta suffix "ou=all-users,o=org" uri "ldap:///ou=all-users,o=org"; suffixmassage "ou=all-users,o=org" "ou=local-users,o=org" uri "ldap:///ou=all-users,o=org"; suffixmassage "ou=all-users,o=org" "ou=ext-users,o=org" The meta database will split each request in two branches, rewriting the "ou=all-users,o=org" virtual DN into the "ou=all-users,o=org" and "ou=ext-users,o=org" real DNs, merging the results. You might be in trouble for example with adds because of non-unique target database selection. p. Ing. Pierangelo Masarati Responsabile Open Solution OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
