Suppose you have a client application that expects a different attribute name, such as fullname for a standard attribute like cn (common name), and that expects a distinguished name (DN) suffix different from what is stored in the directory. If you cannot change the application, one possible alternative is a proxy layer that does DN and attribute rewriting.[9]

    # A search accessing the directory server
    $ ldapsearch -b dc=example,dc=com -p 1389 "(cn=Babs Jensen)" cn
    dn: uid=bjensen,ou=People,dc=example,dc=com
    cn: Barbara Jensen
    cn: Babs Jensen

    # The same search accessing a proxy that rewrites requests and responses
    $ ldapsearch -b o=example -p 8389 "(fullname=Babs Jensen)" fullname
    dn: uid=bjensen,ou=People,o=example
    fullname: Barbara Jensen
    fullname: Babs Jensen

The OpenDJ LDAP SDK RewriterProxy example builds on the Proxy example, rewriting requests and search result entries. When you read the example, look for the rewrite() methods.
In the above output, the rewriter proxy listens on port 8389, connecting to a directory server listening on 1389. The directory server contains data from Example.ldif.
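
The mapping a rewriting proxy has to apply in each direction, as an added example (it is not the SDK's RewriterProxy code and does not use the SDK API). The function names are hypothetical and the fullname/cn and o=example/dc=example,dc=com mapping is taken from the output above. It rewrites only attribute types and DN suffixes at RDN boundaries, so text inside filter values and look-alike suffixes pass through unchanged, which a plain string replace would get wrong.

```python
import re

# Assumed mapping, taken from the sample output on this page.
CLIENT_ATTR, SERVER_ATTR = "fullname", "cn"
CLIENT_SUFFIX, SERVER_SUFFIX = "o=example", "dc=example,dc=com"

def swap_suffix(dn, old, new):
    """Replace a trailing suffix only when it starts at an RDN boundary.
    Assumes DNs without optional spaces around ',' and '=' (as in the output)."""
    low, old_low = dn.lower(), old.lower()
    if low == old_low:
        return new
    if low.endswith("," + old_low):
        head = dn[: len(dn) - len(old) - 1]
        # An odd number of trailing backslashes means the comma is escaped,
        # i.e. it belongs to an attribute value and is not an RDN separator.
        if (len(head) - len(head.rstrip("\\"))) % 2 == 0:
            return head + "," + new
    return dn  # outside the rewritten subtree: leave untouched

def swap_filter_attr(flt, old, new):
    """Rename the attribute type of each filter item, never text in a value.
    A literal '(' in a value must be escaped as \\28, so an unescaped '('
    is always structural and the pattern below cannot match inside a value."""
    pattern = re.compile(
        r"\(\s*" + re.escape(old) + r"(?=\s*(?:[;:]|[~<>]?=))", re.IGNORECASE)
    return pattern.sub(lambda m: "(" + new, flt)

def rewrite_request(base_dn, flt, attrs):
    """Client -> server: base DN, filter and requested attribute list."""
    return (swap_suffix(base_dn, CLIENT_SUFFIX, SERVER_SUFFIX),
            swap_filter_attr(flt, CLIENT_ATTR, SERVER_ATTR),
            [SERVER_ATTR if a.lower() == CLIENT_ATTR else a for a in attrs])

def rewrite_entry(dn, attributes):
    """Server -> client: entry DN and attribute names in a search result."""
    renamed = {CLIENT_ATTR if k.lower() == SERVER_ATTR else k: v
               for k, v in attributes.items()}
    return swap_suffix(dn, SERVER_SUFFIX, CLIENT_SUFFIX), renamed

if __name__ == "__main__":
    # Constructed input mirroring the ldapsearch session above.
    print(rewrite_request("o=example", "(fullname=Babs Jensen)", ["fullname"]))
    print(rewrite_entry("uid=bjensen,ou=People,dc=example,dc=com",
                        {"cn": ["Barbara Jensen", "Babs Jensen"]}))
```
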
[9] Some servers, such as OpenDJ directory server, can do attribute rewriting without a proxy layer. See your directory server's documentation for details.