
I am trying to do this example with an email field:

https://coderwall.com/p/c0w6-q/create-ldap-aliases-in-openldap

This is the .ldif that should create both:

```ldif
# this is the user

dn: uid=aka,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
objectclass: top
objectClass: extensibleObject
objectclass: posixAccount
objectclass: inetOrgPerson
cn: Alexander Fake
employeetype: developer
gecos: Alexander Fake
gidnumber: 14564103
homedirectory: /home/aka
loginshell: /bin/bash
mail: alexander.fake@domain.com
sn: Fake
uid: aka
uidnumber: 14583105
userpassword: {SSHA}SgmdndrPR5UVLOAmDs5JOJvqr3WmPYob

# this is the alias

dn: mail=alexander.Fake@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com
changetype: add
objectClass: alias
objectClass: top
objectClass: extensibleObject
objectclass: inetOrgPerson
uid: aka
aliasedObjectName: uid=aka,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
```

I can only import/export ldif, I use phpldapadmin for administration.

When the alias is created, it produces the following error:

This update has been or will be cancelled, it would result in an attribute value not being unique. You might like to search the LDAP server for the offending entry. 

Does anyone know how to create aliases on openldap and phpldapadmin?

Dimitri Kopriwa

1 Answer


This is basically correct. Just:

  • Remove the uid=aka attribute from the aliasedObject. It doesn't need it. It refers to another object which has that UID value.
  • Also remove inetOrgPerson from the alias. It isn't a person, it's an alias for a person.
  • The objectClass attribute only needs to contain top and alias; and extensibleObject so you can provide a cn or whatever attribute you like as part of the DN, if you want to do that: it doesn't seem to be necessary judging by my DIT.

Poor quality source material. Don't rely on arbitrary Internet junk. Use the official documentation.

user207421
  • I am trying to distribute the email and the password field from the alias. I also tried to set a cn for it. Is the alias what I am looking for? – Dimitri Kopriwa Jun 25 '17 at 03:36
  • No idea. What *are* you looking for? An alias behaves exactly the same as the object it is aliasing, except that it is in a different part of the tree, so it is findable from a different starting point. It doesn't have any attributes of its own except its `cn`, which the applications won't even see. – user207421 Jun 25 '17 at 05:12
  • So should all the values of the entity always be present in the alias when the alias is requested? I have tried to create the alias and it appears the mail field wasn't reflected in the alias, same as the password. – Dimitri Kopriwa Jun 25 '17 at 05:24
  • There is an LDAP setting to control whether aliases are 'followed' or not. You need to have it set to 'on' in whatever software you're using. If you have it 'off', you will only get the alias entry itself. – user207421 Jun 25 '17 at 06:30
  • I am using PLA and I have never seen such a thing in the documentation iirc – Dimitri Kopriwa Jun 25 '17 at 23:58
  • @BigDong What is PLA? – user207421 Jun 26 '17 at 04:58
  • It is phpldapadmin – Dimitri Kopriwa Jun 26 '17 at 09:59
  • Well a ten-second search took me [here](http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page), where I found the statement 'Configurable support for aliases and referrals.' I would have expected you to at least find that for yourself frankly. – user207421 Jun 26 '17 at 11:27
  • I did find it. But I haven't found the `followed` you are speaking of – Dimitri Kopriwa Jun 26 '17 at 15:59
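
The three rules in the answer can be checked mechanically before an LDIF is imported. The following is an added example, not code from the question, the answer or phpLDAPadmin; the function names `parse_ldif`, `lint_alias` and `lint_ldif` are hypothetical, and it assumes single-valued RDNs and reads the answer as allowing only the RDN attribute as an extra attribute on an alias.

```python
# Added example (not from the page): lint alias entries against the answer's rules.
ALLOWED_CLASSES = {"top", "alias", "extensibleobject"}

# Constructed sample: the alias entry from the question, unchanged.
SAMPLE_LDIF = """\
dn: mail=alexander.Fake@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com
changetype: add
objectClass: alias
objectClass: top
objectClass: extensibleObject
objectclass: inetOrgPerson
uid: aka
aliasedObjectName: uid=aka,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
"""

def parse_ldif(text):
    """Split LDIF text into entries, each a list of (attribute, value) pairs."""
    entries, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith("#"):                  # comment line
            continue
        if raw.startswith(" ") and current:      # folded line: append to previous value
            current[-1] = (current[-1][0], current[-1][1] + raw[1:])
        elif not raw.strip():                    # blank line closes the entry
            if current:
                entries.append(current)
            current = []
        elif ":" in raw:
            attr, _, val = raw.partition(":")
            current.append((attr.strip().lower(), val.lstrip(": ").strip()))
    return entries

def lint_alias(entry):
    """Findings for one entry; empty if it is clean or not an alias.
    Assumption: besides the RDN attribute, an alias carries no attributes of its own."""
    classes = {v.lower() for a, v in entry if a == "objectclass"}
    if "alias" not in classes:
        return []
    dn = next((v for a, v in entry if a == "dn"), "")
    rdn_attr = dn.split("=", 1)[0].strip().lower()
    keep = {"dn", "changetype", "objectclass", "aliasedobjectname", rdn_attr}
    findings = [f"remove objectClass {c}" for c in sorted(classes - ALLOWED_CLASSES)]
    findings += [f"remove attribute {a}" for a, _ in entry if a not in keep]
    if not any(a == "aliasedobjectname" for a, _ in entry):
        findings.append("missing aliasedObjectName")
    return findings

def lint_ldif(text):
    return {dict(e).get("dn", "?"): lint_alias(e) for e in parse_ldif(text)}

if __name__ == "__main__":
    print(lint_ldif(SAMPLE_LDIF))
```

Run against the alias entry from the question, it reports the `inetOrgPerson` class and the `uid` attribute, the two items the answer says to remove.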