Here, you add an entry for Quentin Cubbins to the example suffix after registering the entry store and fetch plug-in with Directory Server. You see that Quentin’s mail address is no longer visible in the database that holds mail address attribute values.
Before loading the plug-in, delete Quentin’s entry:
$ ldapdelete -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery uid=qcubbins,ou=People,dc=example,dc=com |
Next, configure Directory Server to load the plug-in as shown in the comments at the beginning of testentry.c, and then restart the server.
With the entry store-fetch plug-in active, add Quentin’s entry back into the directory:
$ ldapmodify -a -h localhost -p 1389 -f quentin.ldif \ -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery |
Now search again for strings in the directory database file for the mail attribute values.
$ cd instance-path/db/example/ $ strings example_mail.db3 | grep example.com =agodiva@example.com =hfuddnud@example.com =pblinn@example.com =scooper@example.com =bcubbins@example.com =yyorgens@example.com |
Notice that Quentin’s mail address value is now not visible in the directory database. Directory users who have appropriate access rights, anonymous in this simple example case, can still view the attribute during a search. The attribute and its value are emphasized in the following example.
$ ldapsearch -h localhost -p 1389 -b dc=example,dc=com uid=qcubbins dn: uid=qcubbins,ou=People,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson uid: qcubbins givenName: Quentin sn: Cubbins cn: Quentin Cubbins mail: qcubbins@example.com secretary: uid=bcubbins,ou=People,dc=example,dc=com |
In this way, you see that entry store and entry fetch plug-ins affect only the way entries are stored, not the directory front end.