1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
.TH SLAPO-ALIAS 5 "RELEASEDATE" "OpenLDAP"
.\" Copyright 2023 Symas Corp. All Rights Reserved.
.\" Copying restrictions apply. See LICENSE.
.SH NAME
slapo\-alias \- expose an attribute under a different name
.SH SYNOPSIS
olcOverlay=alias
.SH DESCRIPTION
The
.B alias
overlay to
.BR slapd (8)
allows migrations for existing attributes exposed through a name that is
now deprecated where using
.BR slapo-rwm (5)
is not applicable. For this reason, the aliased attributes are not writable
in any way. In particular:
.RS
.TP
.B Search
Instances of the aliased attribute in the
.B Search
request filter are replaced by the source attribute.
If the attribute is requested, the values are copied from the source
attribute, however unlike with
.BR slapo-rwm (5),
if the source attribute is also requested, both will be returned.
.TP
.B Compare
The request is mapped to the source attribute before processing.
.TP
.B Add, Modify, ModRDN
Requests affecting aliased attributes are rejected with a
.B Constraint
.BR Violation .
.RE
.SH CONFIGURATION LAYOUT
The overlay has to be instantiated under a database adding an entry of
.B olcOverlay=alias
with objectClass of
.BR olcAliasConfig.
These are the available options:
.RS
.TP
.B olcAliasMapping: <source-attribute> <aliased-attribute>
Any time
.B aliased-attribute
is requested (explicitly or through
.B * +
shorthands), the values of
.B source-attribute
are returned. The attributes need to be compatible i.e. both have to be
operational or neither should, same with the
.B SINGLE-VALUE
option, syntax or matching rules. The
.BR slapd.conf (5)
equivalent is
.BR alias_attribute .
It can be provided multiple times.
.RE
.SH EXAMPLE
The following is an example of a configured overlay, substitute
.B $DATABASE
for the DN of the database it is attached to and
.B {x}
with the desired position of the overlay in the overlay stack.
.nf
dn: olcOverlay={x}alias,$DATABASE
objectClass: olcAliasConfig
olcOverlay: alias
olcAliasMapping: source-attribute aliased-attribute
.fi
The
.BR slapd.conf (5)
equivalent of the above follows:
.nf
overlay alias
alias_attribute source-attribute aliased-attribute
.fi
.SH NOTES
When mapping an operational attribute, you might need to use
.BR slapo-dsaschema (5)
contrib module to provide its definition into the schema.
.SH BUGS AND LIMITATIONS
Setting ACLs that differ between the aliased and its source attribute is not
supported, they have to match or risk information disclosure.
It is also expected that the aliased attributes are never physically present in
the database.
.SH FILES
.TP
ETCDIR/slapd.conf
default slapd configuration file
.TP
ETCDIR/slapd.d
default slapd configuration directory
.SH SEE ALSO
.BR slapd-config (5),
.BR slapd.conf (5),
.BR slapd.overlays (5),
.BR slapo-dsaschema (5),
.BR slapd (8)
.SH ACKNOWLEDGEMENTS
This module was developed in 2023 by Ondřej Kuzník for Symas Corp.
|
