Change DN in OpenLDAP “on the fly”
I'm a newbie in LDAP and I have the following issue:
I use OpenLDAP as a caching proxy for remote Active Directory.
And the full DN of a user is like "cn=Doe, John,ou=users,ou=others,dc=company,dc=com", while the uid (sAMAccountName) is the short form of first and second name. For example John Doe will be jdoe.
I already have SVN server, Bugzilla and ReviewBoard working fine with this because they have many settings for LDAP support. But now I'm trying to set up YouTrack and there is a lack of LDAP settings in it.
I want to be able to log in to YouTrack using the short form login (like "jdoe"), but when I set the transform string in YouTrack as "sAMAccountName=$login$,ou=users,ou=others,dc=company,dc=com" I have the following error all the time:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1]
which is “invalid credentials”.
But if I specify the full name explicitly in the transform string I can log in (but no one else of course):
"cn=Doe, John,ou=users,ou=others,dc=company,dc=com"
So, my question is:
Can I modify the DN of a user "on the fly" in order to have something like this for example:
"cn=jdoe,ou=users,ou=others,dc=company,dc=com"?
ldap openldap
Sun used to have an LDAP Proxy product as part of the Sun ONE Directory suite. I believe Oracle still has it as a product - they did about a year ago. It had provision for modifying some data on the fly. I can't recall if it was just field names or if it was actual data as well. That may be useful, but there'd probably be a license to use operationally (we had a site license so I just grabbed what I wanted).
– Jason Tan, Jul 5 '13 at 14:44
Thank you, but unfortunately this is not the case for me :(
– GooRoo, Jul 5 '13 at 15:29
asked Jul 5 '13 at 14:35
GooRoo
1 Answer
Even though this question might be a little old, I've come up with a few thoughts on this. Maybe it will help somebody in the future:
- You could simply modify the DN by using ldapmodify with changetype: moddn or modrdn, providing the new DN (newrdn). More information on this can be found in bullet point number 4 here: http://www.zytrax.com/books/ldap/ch8/#changetype
- You could use the "rwm" overlay in OpenLDAP. This lets you either rewrite your DN, massage the suffix or even provide a virtual view on your data. Check man 5 slapo-rwm. This thing is really powerful!
- Another way would be to set up an alias for the initial entry. cn=jdoe,ou=users,ou=others,dc=company,dc=com could be of object class "alias" and have your initial account written in the attribute aliasedObjectName. All you would need to do in this case would be to check whether the ldapsearch operation follows referrals or not.
On my server I have a similar setup and chose the 3rd way. To have it completely clean, I created my own schema where I have a dedicated alias object class for this which provides the necessary additional fields.
answered Dec 2 '16 at 13:43
dim-0
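The "rwm" option from the answer, sketched as a slapd.conf fragment that rewrites only the bind DN. This is an added example, not configuration from the question or the answer; it adapts the "bind with an attribute instead of the full DN" pattern documented in slapo-rwm(5). Assumptions: the proxy database for dc=company,dc=com already exists, slapd knows the sAMAccountName attribute, AD-HOST is a placeholder host name, and login2dn is an arbitrary map name.

```conf
# Added example: goes inside the existing proxy database section.
# AD-HOST is a placeholder for the Active Directory server.

overlay             rwm
rwm-rewriteEngine   on

# LDAP map: the argument passed to the map is appended to this URI as
# the search filter; the map returns the DN of the entry that matches.
# slapd performs this lookup itself, so the target must permit the
# search (Active Directory normally refuses anonymous searches; see
# slapo-rwm(5) for what your version supports here).
rwm-rewriteMap      ldap login2dn "ldap://AD-HOST/ou=users,ou=others,dc=company,dc=com?dn?sub"

# Rules below apply to bind DNs only. Defining this context overrides
# the default rules for bind DNs; a DN that does not match the rule is
# passed through unchanged, so binds with the full DN keep working.
rwm-rewriteContext  bindDN

# YouTrack's transform string produces
#   sAMAccountName=jdoe,ou=users,ou=others,dc=company,dc=com
# %1 captures "sAMAccountName=jdoe" and is used as the map's filter.
# The character class restricts the login to letters, digits, ".", "_"
# and "-", so filter metacharacters such as "(", ")" and "*" never
# reach the lookup. Matching is case-insensitive by default.
# Flags: ":" apply the rule once, "@" stop rewriting on a match,
#        "I" ignore errors (a failed lookup leaves the DN as sent, and
#        the upstream bind then fails with invalid credentials).
rwm-rewriteRule     "^(sAMAccountName=[a-z0-9._-]+),ou=users,ou=others,dc=company,dc=com$" "${login2dn(%1)}" ":@I"
```

To check the rewrite without going through YouTrack, bind against the proxy with ldapwhoami -x -D "sAMAccountName=jdoe,ou=users,ou=others,dc=company,dc=com" -W and confirm that it reports the real entry.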