DIT changes with dn virtual transformations

Here is a summary of a common deployment scenario with Sun Directory Proxy Server:

LDAP entries are grouped by location in the DIT, e.g. user entries are located under ou=north,ou=people,dc=company,dc=com or ou=south,ou=people,dc=company,dc=com or ou=east,ou=people,dc=company,dc=com or ou=west,ou=people,dc=company,dc=com, based on the user's physical location.

Later, for the sake of simplicity, the DIT is flattened so that every user entry is stored immediately under ou=people,dc=company,dc=com.

New applications are aware of the DIT structure change, but DPS is used so that legacy applications expecting the location container node can operate without problems.

The DN mapping needed can be achieved by using virtual data transformations as described in http://docs.sun.com/app/docs/doc/820-2765/virtual_transformations?a=view

Let's assume that:
- you have a data view DV1 with viewBase (suffix) set to dc=company,dc=com
- the entry location (north, east, ...) is always available in each entry in the attribute 'location'
- entries uid=\*,ou=(north|south|east|west),ou=people,dc=company,dc=com are mapped to uid=\*,ou=people,dc=company,dc=com

You have to create a virtual data transformation on the 'dn' for data view DV1. For inbound traffic (requests), the proxy must get rid of the ou=(north|south|east|west) node. For outbound traffic (responses), the proxy generates a (fake) ou=(north|south|east|west) node from the content of the 'location' attribute of each entry.

Here is the dpconf command to do that:

dpconf add-virtual-transformation -h <host> -p <port> -d <proxy manager> DV1 mapping attr-value-mapping dn internal-value:uid=\\${uid},ou=people view-value:uid=\\${uid},ou=\\${location},ou=people

Note: you might have to escape some characters (e.g. $) in the command above, depending on the command interpreter you are using. In the example above, I used \\$ instead of plain $.
Note2: DN patterns used in virtual transformations must not contain the data view viewBase (dc=company,dc=com in this case), as it is implicit.
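
The two directions of the mapping described above, modelled in Python as an added example (this is not DPS code and not from the original post). It can be used to check expected DNs before a legacy application is pointed at the proxy. The names `inbound`, `outbound`, `VIEW_BASE` and `LOCATIONS` are assumptions, and leaving the DN unchanged when `location` is missing or unknown is a choice of this model, not documented DPS behaviour.

```python
import re

VIEW_BASE = "dc=company,dc=com"   # viewBase of data view DV1, as in the post
LOCATIONS = {"north", "south", "east", "west"}

def _rdns(dn):
    """Split a DN into RDNs on unescaped commas (handles '\\,' only), trimming spaces."""
    return [r.strip() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def _strip_base(dn):
    """Return the RDNs of dn relative to VIEW_BASE, or None if dn is outside the view."""
    rdns, base = _rdns(dn), _rdns(VIEW_BASE)
    tail = [r.lower() for r in rdns[-len(base):]]
    if len(rdns) < len(base) or tail != [b.lower() for b in base]:
        return None
    return rdns[:-len(base)]

def inbound(view_dn):
    """Request direction: drop the ou=<location> node sent by a legacy client."""
    rel = _strip_base(view_dn)
    if rel is None:
        return view_dn                      # outside the view base: untouched
    if (len(rel) == 3 and rel[0].lower().startswith("uid=")
            and rel[1].lower() in {"ou=" + loc for loc in LOCATIONS}
            and rel[2].lower() == "ou=people"):
        rel = [rel[0], rel[2]]              # uid=X,ou=<loc>,ou=people -> uid=X,ou=people
    return ",".join(rel + _rdns(VIEW_BASE))

def outbound(internal_dn, attrs):
    """Response direction: rebuild the location node from the 'location' attribute."""
    rel = _strip_base(internal_dn)
    loc = (attrs.get("location") or [""])[0].strip().lower()
    if (rel is None or len(rel) != 2 or not rel[0].lower().startswith("uid=")
            or rel[1].lower() != "ou=people" or loc not in LOCATIONS):
        return internal_dn                  # pattern or attribute missing: no rewrite
    return ",".join([rel[0], "ou=" + loc, rel[1]] + _rdns(VIEW_BASE))

if __name__ == "__main__":
    # Constructed sample entry, not taken from a real directory.
    stored = "uid=jdoe,ou=people,dc=company,dc=com"
    seen = outbound(stored, {"location": ["south"]})
    print(seen, "->", inbound(seen))
```
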


Comments:

We (Western Michigan University in USA) are doing something like this for the data feed to our Cisco VoIP Call Manager for phone numbers. We store the 10 digit phone number in the directory, but the Call Manager needs just the last 5 digits for intra-campus calls. So, a telephoneNumber of "269 387-1000" becomes "7-1000" when the Call Manager retrieves an entry via the DPS.

Our current issue is that the call manager's search filter cannot be modified and does an overly broad search. We have about 3,000 of our 125,000 entries with campus phone numbers. Its current search returns almost 100,000 entries. We would like to logically AND an additional search filter onto what it supplies, but so far have not figured out how to do that. Any suggestions?

Posted by Derek Diget on January 23, 2009 at 08:36 PM CET #

This is clearly a feature that is missing in the product.
I envision adding the possibility to modify the search filter and scope, in addition to the base dn and attribute name & content, in a future release.

What is the exact search filter used by the call manager? It would be useful for me to have the real use case. Does the call manager perform several kinds of searches or only one? (Wondering what would be the best way to configure such a request rewriting feature.)

Thanks in advance.

Posted by Sylvain Duloutre on January 27, 2009 at 05:15 AM CET #

I posted the search filter question to the directory server forums. See "DPS: logically AND search filter" at <http://forums.sun.com/thread.jspa?threadID=5363511>.

Thanks.

Posted by Derek Diget on January 28, 2009 at 01:20 PM CET #

About


I am Sylvain Duloutre, I work as a Software Architect in the Oracle Directory Integration Team, the customer-facing part of Directory Services & Identity Management Product Development, working on Technical Field Enablement.

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.
