Hi,

Please forgive my ignorance if this is a stupid question; I have only been 
messing around with OpenLDAP for a few days, but I believe I hit a roadblock 
that somebody must have seen somewhere.

Basically, I am planning on using a translucent proxy to augment the attribute 
set served up by an external LDAP provider. Specifically I am provisioning 
uidNumber and gidNumbers for AD accounts. I cannot populate the upstream 
RFC2307 attributes. My problem is this: it is my understanding that a 
translucent proxy is going to match records in the local and remote databases 
based on DN.  Admins are going to be moving user and group objects around 
upstream, which will reliably break the mapping between local and remote 
databases after the objects with uidNumber and gidNumbers are populated into 
the local database.

I can think of a couple of algorithms that would reconcile this, although they 
would require custom coding and maintaining a localized external view of the 
data (i.e. in a SQL database). So, I suppose my question is this:

Is there an elegant way to solve this problem, for example, having the 
translucent proxy map by an attribute other than DN, such as an AD SID?

I appreciate your time and input :-)

Thank you,

Dan Sullivan
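
Added example, not part of the original message and not OpenLDAP code: the DN-keyed breakage described above, detected by comparing against a stable key (objectSid). It assumes the SID was recorded next to each locally provisioned entry; the names, DNs and SIDs are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LocalEntry:
    dn: str          # DN the local (overlay) entry is stored under
    sid: str         # objectSid recorded at provisioning time (assumption)
    uid_number: int  # locally provisioned RFC2307 value

def norm(dn: str) -> str:
    # Simplified DN comparison: case-fold and trim around commas. It does not
    # handle escaped commas; a real tool should use an LDAP DN parser.
    return ",".join(part.strip().lower() for part in dn.split(","))

def reconcile(local, upstream):
    """local: iterable of LocalEntry; upstream: {objectSid: current remote DN}.
    Returns (moves, orphans, reused)."""
    owner_of = {norm(dn): sid for sid, dn in upstream.items()}
    moves, orphans, reused = [], [], []
    for e in local:
        owner = owner_of.get(norm(e.dn))
        if owner is not None and owner != e.sid:
            # A different account now sits at this DN: a DN-keyed merge would
            # serve e.uid_number for it.
            reused.append((e.dn, e.sid, owner))
        now = upstream.get(e.sid)
        if now is None:
            orphans.append(e.dn)          # upstream object is gone
        elif norm(now) != norm(e.dn):
            moves.append((e.dn, now))     # local entry must be renamed to follow it
    return moves, orphans, reused

# Constructed sample data.
BASE = "DC=example,DC=com"
SID = "S-1-5-21-1000000001-1000000002-1000000003-"
LOCAL = [
    LocalEntry(f"CN=Alice,OU=Staff,{BASE}", SID + "1101", 10001),
    LocalEntry(f"CN=Bob,OU=Staff,{BASE}", SID + "1102", 10002),
    LocalEntry(f"CN=Carol,OU=Staff,{BASE}", SID + "1103", 10003),
]
UPSTREAM = {
    SID + "1101": "cn=alice,ou=staff,dc=example,dc=com",  # unchanged, case differs
    SID + "1102": f"CN=Bob,OU=Alumni,{BASE}",             # moved by an admin
    SID + "1199": f"CN=Carol,OU=Staff,{BASE}",            # new account at an old DN
}

if __name__ == "__main__":
    moves, orphans, reused = reconcile(LOCAL, UPSTREAM)
    print("rename local entries:", moves)
    print("no upstream object:", orphans)
    print("DN now owned by another SID:", reused)
```

The `reused` list is the case to act on first: the old DN resolves upstream to a different account, so a DN-matched local entry would attach the previous owner's uidNumber to it.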

