Hello,

I am trying to do what I explain below, but without success.
I think I am getting the attribute mapping wrong; maybe it would be better
with the rwm overlay?

Could someone put me on the right track?

-> I have this :
----------------------------------------------------------------------------------------------------------------------------------------------------
dc=domain1,dc=local
 |__ou=users
        |__ou=standard
                |__cn = JOHN DOE
                        |__att: sAMAccountName= DOEJOHN
                        |__att: phonenumber=0102030405

dc=domain2, dc=local
 |__ou= apps
        |__ou= app1
        |       |__cn = DOEJOHN
        |               |__att: Appval=valuex
        |__ou= app2
                |__cn= DOEJOHN
                        |__att: Appval=valuey
----------------------------------------------------------------------------------------------------------------------------------------------------

-> and I want to do this:
----------------------------------------------------------------------------------------------------------------------------------------------------
                                        dc=meta,dc=local
                                         |_ou=users
                                                |_cn= DOEJOHN   
                                                        |_att: phonenumber=0102030405
                                                        |_att: App1val=valuex
                                                        |_att: App2val=valuey
----------------------------------------------------------------------------------------------------------------------------------------------------

-> I do it this way, with the meta backend :
----------------------------------------------------------------------------------------------------------------------------------------------------
#########################################################################
# slapd.conf fragment for a back-meta proxy: one virtual suffix,
# dc=meta,dc=local, placed in front of three targets. Each target is
# introduced by its own "uri" line and followed by its per-target settings.
defaultsearchbase dc=meta,dc=local
###  database META  #####################################################
database        meta    
suffix          dc=meta,dc=local
rootdn          "cn=admin,dc=meta,dc=local"
# NOTE(review): rootpw is given in cleartext. slapd.conf(5) also accepts a
# hashed value produced by slappasswd; either way keep this file readable
# only by the account slapd runs as.
rootpw          secret

## AD1 USERS ###
# Target 1: the virtual ou=users,dc=meta,dc=local is rewritten by
# suffixmassage to the real naming context on ad.domain1.local.
# NOTE(review): ldap:// on port 389 is unencrypted unless StartTLS is
# negotiated, so the reader account's simple-bind password below would cross
# the network in clear. Consider ldaps:// or the proxy's tls setting,
# confirm what the AD servers support.
# NOTE(review): the real DN below puts ou=users under ou=standard, while the
# tree drawn earlier in this message shows ou=standard under ou=users,
# confirm which order is correct.
uri           "ldap://ad.domain1.local:389/ou=users,dc=meta,dc=local";
suffixmassage "ou=users,dc=meta,dc=local" 
"ou=users,ou=standard,dc=domain1,dc=local"
# The proxy authenticates to the target as CN=reader with a simple bind;
# mode=self requests that the connected client's own identity be asserted
# (see slapd-meta(5)). NOTE(review): the bind password is stored in cleartext.
idassert-bind     bindmethod=simple
                                binddn="CN=reader,DC=domain1,DC=local"
                         credentials="password"
                                mode=self
# NOTE(review): "dn.regex:.*" matches any DN, so no local identity is
# excluded from identity assertion. Narrow the pattern to the DNs that
# actually need it.
idassert-authzFrom      "dn.regex:.*"
# NOTE(review): "by * read" gives every client, anonymous included, read
# access to everything served here. The ldapsearch later in this message uses
# -x with no bind DN and still gets attribute values back.
access                  to *
                        by * read
# map attribute <local> <remote>: clients ask for uid, the target is queried
# for sAMAccountname.
map attribute uid sAMAccountname
                                                
## AD2 APP 1 ###############
# Target 2: same virtual naming context as target 1, rewritten to
# ou=app1,ou=apps on ad.domain2.local. The search output later in this message
# shows one entry returned per target rather than a single merged entry.
# NOTE(review): same caveats as target 1: cleartext ldap://, cleartext bind
# password, match-all idassert-authzFrom and world-readable access rule.
uri           "ldap://ad.domain2.local:389/ou=users,dc=meta,dc=local";
suffixmassage "ou=users,dc=meta,dc=local" "ou=app1,ou=apps,dc=domain2,dc=local"
idassert-bind     bindmethod=simple
                                binddn="CN=reader,DC=domain2,DC=local"
                                credentials="password"
                                mode=self
idassert-authzFrom      "dn.regex:.*"
access                  to *
                                by * read
# Local uid maps to the remote cn; the remote Appval is exposed as App1val.
map attribute uid cn
map attribute App1val Appval

## AD2 APP 2 ###############
# Target 3: same server and virtual naming context as target 2, rewritten to
# ou=app2,ou=apps.
# NOTE(review): same caveats as target 1: cleartext ldap://, cleartext bind
# password, match-all idassert-authzFrom and world-readable access rule.
uri           "ldap://ad.domain2.local:389/ou=users,dc=meta,dc=local";
suffixmassage "ou=users,dc=meta,dc=local" "ou=app2,ou=apps,dc=domain2,dc=local"
idassert-bind   bindmethod=simple
                         binddn="CN=reader,DC=domain2,DC=local"
                                credentials="password"
                                mode=self
idassert-authzFrom      "dn.regex:.*"
access                  to *
                                by * read
# Local uid maps to the remote cn; the remote Appval is exposed as App2val.
map attribute uid cn
map attribute App2val Appval

lastmod  off
----------------------------------------------------------------------------------------------------------------------------------------------------

I get this result, which does not really correspond to what I want to get:
----------------------------------------------------------------------------------------------------------------------------------------------------
[root@server openldap]# ldapsearch -x "uid=DOEJOHN" -H 'ldap://localhost/' -b 
dc=meta,dc=local -LLL phonenumber App1val App2val
dn: cn=JOHN DOE,ou=users,dc=meta,dc=local
phonenumber: 0102030405

dn: cn=DOEJOHN,ou=users,dc=meta,dc=local
App1val: valuex

dn: cn=DOEJOHN,ou=users,dc=meta,dc=local
App2val: valuey
----------------------------------------------------------------------------------------------------------------------------------------------------

Regards,
--
Greg

