Howard Chu wrote:
Date: Fri, 10 Feb 2006 12:05:52 -0700 From: Richard Megginson <rmeggins@xxxxxxxxxx> Glenn W. Bach wrote:I'm replacing an ldap server with Fedora Directory. The old one allows searches with the base dn empty. Is there a way to allow searches with a blank base dn in FedoraDirectory?I'm assuming you mean the ability to perform a subtree search with a base dn of "". No, you cannot do this with Fedora DS. What is your old directory server? Does it do thisby default or do you have to configure it to do so?Yes, -b ''We are actually replacing an Exchange 5.5 system that is pretending to be an ldap server. The unfortunate thing is that hundreds of users have their base dn blank, which is something Exchange can apparently deal with. I am not sure if it had to be specifically configured to allow this.No, that explains it.So the bottom line sounds like we need to touch several hundred desktops if we want to transition away from Exchange. Sigh...Perhaps not. OpenLDAP has the ability to act as an LDAP proxy and rewrite the base DN. I'm not sure how to do this, but probably someone on the openldap lists would know.OpenLDAP has a more relevant solution here: you can set a defaultsearchbase on slapd that is used when a search request comes in with an empty baseDN and non-base scope. This feature exists in OpenLDAP precisely because of all those misconfigured clients in the world.
Oh, well you can do that with Fedora DS as well: 1) stop-slapd 2) edit config/dse.ldif - in the first entry, the one with dn: (the empty dn), just add objectclass: extensibleObject defaultsearchbase: yoursuffix 3) start-slapd
Alternately, you could write a plug-in (datainterop) that maps incoming requests for base "" and sub scope to your real suffix.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
