Howard Chu wrote:

>> Date: Fri, 10 Feb 2006 12:05:52 -0700
>> From: Richard Megginson <rmeggins at redhat.com>
>>
>> Glenn W. Bach wrote:
>>
>>>>> I'm replacing an ldap server with Fedora Directory. The old one
>>>>> allows searches with the base dn empty. Is there a way to allow
>>>>> searches with a blank base dn in Fedora Directory?
>>>>
>>>> I'm assuming you mean the ability to perform a subtree search with
>>>> a base dn of "". No, you cannot do this with Fedora DS. What is
>>>> your old directory server? Does it do this by default or do you
>>>> have to configure it to do so?
>>>
>>> Yes, -b ''
>>>
>>> We are actually replacing an Exchange 5.5 system that is pretending
>>> to be an ldap server. The unfortunate thing is that hundreds of
>>> users have their base dn blank, which is something Exchange can
>>> apparently deal with. I am not sure if it had to be specifically
>>> configured to allow this.
>>
>> No, that explains it.
>>
>>> So the bottom line sounds like we need to touch several hundred
>>> desktops if we want to transition away from Exchange. Sigh...
>>
>> Perhaps not. OpenLDAP has the ability to act as an LDAP proxy and
>> rewrite the base DN. I'm not sure how to do this, but probably
>> someone on the openldap lists would know.
>
> OpenLDAP has a more relevant solution here: you can set a
> defaultsearchbase on slapd that is used when a search request comes in
> with an empty baseDN and non-base scope. This feature exists in
> OpenLDAP precisely because of all those misconfigured clients in the
> world.

Oh, well you can do that with Fedora DS as well:

1) stop-slapd
2) edit config/dse.ldif - in the first entry, the one with dn: (the
   empty dn), just add
     objectclass: extensibleObject
     defaultsearchbase: yoursuffix
3) start-slapd

>> Alternately, you could write a plug-in (datainterop) that maps
>> incoming requests for base "" and sub scope to your real suffix.
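Step 2 of the procedure above, sketched as an added example that is not part of the original thread or of the Fedora DS code base. The function name `add_default_search_base`, the sample LDIF and the suffix `dc=example,dc=com` are constructed for illustration; the edit is meant for a copy of config/dse.ldif taken while the server is stopped (steps 1 and 3).

```python
import re

# Constructed sample, not a real server's dse.ldif. The aci value is folded
# onto a continuation line (leading space) the way LDIF wraps long values.
SAMPLE_DSE = """\
dn:
objectClass: top
aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(
 read,search,compare) userdn="ldap:///anyone";)

dn: cn=config
objectClass: top
cn: config
"""


def add_default_search_base(ldif_text, suffix):
    """Return ldif_text with the empty-dn entry patched as in step 2."""
    entries = re.split(r"\n{2,}", ldif_text.strip("\n"))
    for i, entry in enumerate(entries):
        lines = entry.split("\n")
        # The root DSE is the entry whose dn line carries no value.
        if not any(re.fullmatch(r"dn:\s*", l, re.IGNORECASE) for l in lines):
            continue
        # Unfold continuation lines, for inspection only.
        logical = re.sub(r"\n ", "", entry).split("\n")
        attrs = [tuple(p.strip() for p in l.split(":", 1)) for l in logical if ":" in l]
        have = {(k.lower(), v.lower()) for k, v in attrs}
        if ("objectclass", "extensibleobject") not in have:
            lines.append("objectclass: extensibleObject")
        # Drop an existing defaultsearchbase (and its folded continuation)
        # so that re-running the edit never leaves two values behind.
        kept, skipping = [], False
        for l in lines:
            if l.startswith(" ") and skipping:
                continue
            skipping = l.lower().startswith("defaultsearchbase:")
            if not skipping:
                kept.append(l)
        kept.append("defaultsearchbase: " + suffix)
        entries[i] = "\n".join(kept)
        return "\n\n".join(entries) + "\n"
    raise ValueError("no entry with an empty dn found")


if __name__ == "__main__":
    print(add_default_search_base(SAMPLE_DSE, "dc=example,dc=com"))
```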