|
|
|
|
|
|
|
# Managing Alias ldap object in FusionDirectory
|
|
# Managing Alias ldap object in FusionDirectory
|
|
|
|
|
|
|
|
# Problem
|
|
### Purpose
|
|
|
|
|
|
|
|
We need to make objects aliases (not for mail) in Fusiondirectory.
|
|
LdapAlias is a plugin which allow to manage ldap aliasedObjectName.
|
|
|
|
|
|
|
|
Our Problem :
|
|
### Fonctionality
|
|
|
|
|
|
|
|
- We have a FusionDirectory server in latest version
|
|
It will allow to create alias on objects on other part of the ldap tree to make them appears in only one branch.
|
|
|
- We have a QNAP storage bay
|
|
|
|
|
|
|
|
|
|
On QNAP, it's not possible (at the time of writing this) to have Samba
|
|
### Problem
|
|
|
accounts in multiple OUs. (not possible to make a subtree search)
|
|
|
|
|
We must put all the users at the root level !
|
|
|
|
|
|
|
|
|
|
We can search users with filter but it will be preferable if we can
|
|
Applications searching the LDAP will be able to follow aliases if they support that.
|
|
|
distribute user objects aliases in differents OU.
|
|
This can be done by setting the LDAP option LDAP_OPT_DEREF to LDAP_DEREF_ALWAYS. ldapsearch supports this with option "-a always".
|
|
|
The final user will can branch to the OU and obtain directly only the
|
|
|
|
|
users in that OU.
|
|
|
|
|
|
|
|
|
|
We search if it's possible in openldap and we find that :
|
|
This seems to match LDAP option LDAP_OPT_DEREF ldap_set_option
|
|
|
https://coderwall.com/p/c0w6-q/create-ldap-aliases-in-openldap
|
|
|
|
|
|
|
|
|
|
# Alias plugin
|
|
### Solution
|
|
|
|
|
|
|
|
We can create an alias plugin in FD which allows to create/manage object of objectClass alias with only one field to enter the dn it should be an alias to.
|
|
We create a plugin in FusionDirectory that manage aliasedObjectName attributes.
|
|
|
|
|
|
|
|
Applications searching the LDAP will be able to follow aliases if they support that.
|
|
#### ldap objectClass
|
|
|
This can be done by setting the LDAP option LDAP_OPT_DEREF to LDAP_DEREF_ALWAYS. ldapsearch supports this with option "-a always".
|
|
|
|
|
This seems to match LDAP option LDAP_OPT_DEREF ldap_set_option |
|
```
|
|
\ No newline at end of file |
|
objectClass: alias
|
|
|
|
objectClass: top
|
|
|
|
objectClass: extensibleObject
|
|
|
|
```
|
|
|
|
|
|
|
|
#### Management list
|
|
|
|
|
|
|
|
We should a a management class in FusionDirectory that manage this kind of objects, and allow to create new aliasedObjectName attributes.
|
|
|
|
|
|
|
|
When we create a new aliasedObjectName attributes we should use :
|
|
|
|
|
|
|
|
* a UsersAttribute for selecting the user is linked to for user alias
|
|
|
|
* a xxxAttribute for selecting the user is linked to for group alias |
