I'm setting up an application to authenticate to Open Directory using LDAP.

Open Directory stores groups in RFC 2307 posixGroups format, like this:

cn: mygroup
objectClass: top
objectClass: apple-group
objectClass: posixGroup
apple-group-memberguid: AA7B69F2-84E1-4ED3-AEC6-25AD976DB1C7
memberUid: noa

But the application expects groups to be in the style of LDAP Core Schema groupOfNames format, like this:

cn: mygroup
objectClass: top
objectClass: groupOfNames
member: uid=noa,cn=users,dc=myserver,dc=example,dc=private

In other words, the directory server is providing an unqualified uid, whereas the application requires a DN.

How can I configure slapd either to:

  1. Dynamically provide an entity that looks like groupOfNames (duplicated from above):

    cn: mygroup
    objectClass: top
    objectClass: groupOfNames
    member: uid=noa,cn=users,dc=myserver,dc=example,dc=private
  2. Or dynamically emit extra attributes with the DNs of group members, like this:

    cn: mygroup
    objectClass: top
    objectClass: apple-group
    objectClass: posixGroup
    apple-group-memberguid: AA7B69F2-84E1-4ED3-AEC6-25AD976DB1C7
    memberUid: noa
    memberDn: uid=noa,cn=users,dc=myserver,dc=example,dc=private
It seems like an OpenLDAP overlay can do this, but I'm looking for help with the details.

(The application is BusinessObjects Crystal Reports Server. Support says they don't support OpenLDAP, but after researching the directory servers they do support, I believe this should work with the help of some translation. I can configure the class and attributes names, but to reiterate, the group must provide members using a DN, not a UID.)
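The uid-to-DN qualification the question asks slapd to perform, done offline in Python as an added example (not part of the original question or of OpenLDAP). It assumes users sit directly under the `cn=users,...` base shown in the question, plain-text LDIF with no base64 (`::`) values or line continuations, and it escapes RFC 4514 special characters so a memberUid containing `,` or `=` cannot be turned into a DN that points at a different entry.

```python
# Assumed from the question: users live directly under this container.
USER_BASE = "cn=users,dc=myserver,dc=example,dc=private"

# RFC 4514 characters that must be escaped inside an RDN value.
_DN_SPECIAL = set(',+"\\<>;=')


def escape_dn_value(value: str) -> str:
    """Escape a string for use as an RDN value so it cannot alter DN structure."""
    out = []
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def parse_ldif_entry(text: str) -> list[tuple[str, str]]:
    """Parse one plain-text LDIF entry into an ordered (attribute, value) list."""
    attrs = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.append((name.strip(), value.strip()))
    return attrs


def posix_to_group_of_names(text: str, user_base: str = USER_BASE) -> str:
    """Emit a groupOfNames LDIF entry whose member values are qualified DNs."""
    attrs = parse_ldif_entry(text)
    cn = next(v for a, v in attrs if a.lower() == "cn")
    uids = [v for a, v in attrs if a.lower() == "memberuid"]
    lines = [f"cn: {cn}", "objectClass: top", "objectClass: groupOfNames"]
    for uid in uids:
        # Escape before embedding: an unescaped "," or "=" would change the DN.
        lines.append(f"member: uid={escape_dn_value(uid)},{user_base}")
    return "\n".join(lines)


# Constructed sample: the posixGroup entry from the question.
SAMPLE = """cn: mygroup
objectClass: top
objectClass: apple-group
objectClass: posixGroup
apple-group-memberguid: AA7B69F2-84E1-4ED3-AEC6-25AD976DB1C7
memberUid: noa
"""
```

Run `print(posix_to_group_of_names(SAMPLE))` to see the groupOfNames entry from option 1; the same loop could instead append `memberDn:` lines to the original attributes for option 2.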
