Uwe Werler wrote:
If I have rewrite rules like this:
23 olcOverlay={1}rwm,olcDatabase={3}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcRwmConfig olcOverlay: {1}rwm olcRwmRewrite: {0}rwm-rewriteEngine on olcRwmRewrite: {1}rwm-rewriteContext searchFilter olcRwmRewrite: {2}rwm-rewriteRule "(.*\()uid=sapr3(\).*)"
"$1d%d=dlmsapr3$2"
olcRwmRewrite: {3}rwm-rewriteRule "(.*\()uid=sdb(\).*)" "$1uid=sdb$2" olcRwmRewrite: {4}rwm-rewriteRule "(.*\()uid=sapadm(\).*)" "$1uid=dlmsapadm$2" olcRwmRewrite: {5}rwm-rewriteRule "(.*\()uid=sapmnt(\).*)" "$1uid=sapmnt$2" olcRwmRewrite: {6}m-m-rewriteRule "(.*\()uid=[a-z0-9]{3}adm(\).*)" "$1uid=dlmsidadm$2" olcRwmRewrite: {7}rwm-rewriteRule "(.*\()uid=sqd[a-z0-9]{3}(\).*)" "$1uid=dlmsqdsid$2" olcRwmRewrite: {8}rwm-rewriteRule "(.*\()uid=ora[a-z0-9]{3}(\).*)" "$1uid=dlmorasid$2" olcRwmRewrite: {9}rwm-rewriteRule "(.*\()uid=sap[a-z0-9]{3}(\).*)" "$1uid=dlmsapr3$2" olcRwmRewrite: {10}rwm-rewriteRule "(.*\()uid=sap[a-z0-9]{3}db(\).*)" "$1uid=dlmsapr3db$2" olcRwmRewrite: {11}rwm-rewriteRule "(.*\()uid=db2[a-z0-9]{3}(\).*)" "$1uid=dlmdb2sid$2" olcRwmRewrite: {12}rwm-rewriteRule "(.*\()uid=db2[a-z0-9]{3}ap(\).*)" "$1uid=dlmdb2sid$2"
then the ninth rule / statent f failes to escape. In this example ora***
get's
not correctly rewritten d dlmora***: See loglevel trace:
543b711d ==> rewrite_rule_apply rule='(.*()uid=sapr3().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sdb().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sapadm().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sapmnt().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=[a-z0-9]{3}adm().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sqd[a-z0-9]{3}().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\()uid=ora[a-z0-9]{3}(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sap[a-z0-9]{3}().2929' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sap[a-z0-9]{3}db().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=db2[a-z0-9]{3}().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=db2[a-z0-9]{3}a28%5).*' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)]
If I insert a dummy statement like this:
olcRwmRewrite: {0}rwm-rewriteEngine on olcRwmRewrite: {1}rwm-rewriteContext searchFilter olcRwmRewrite: {2}rwm-rewriteRule "(.*\()uid=sapr3(\).*)"
"$1uid=dlmsapr3$2"
olcRwmRewrite: {3}rwm-rewriteRule "(.*\()uid=sdb(\).*)" "$1uid=sdb$2" olcRwmRewrite: {4}rwm-rewriteRule "(.*\()uid=sapadm(\).*)" "$1uid=dlmsapadm$2" olcRwmRewrite: {5}rwm-rewriteRule "(.*\()uid=sapmnt(\).*)" "$1uid=sapmnt$2" olcRwmRewrite: {6}rwm-rewriteRule "(.*\()uid=[a-z0-9]{3}adm(\).*)" "$1uid=dlmsidadm$2" olcRwmRewrite: {7}rwm-rewriteRule "(.*\()uid=sqd[a-z0-9]{3}(\).*)"
E E "$1uid=dlmsqdsid$2"
olcRwmRewrite: {8}rwm-rewriteRule "(.*\()uid=ora[a-z0-9]{3}(\).*)" "$1uid=dlmorasid$2" olcRwmRewrite: {9}rwm-rewriteContext placeHolder alias searchFilter olcRwmRewrite: {10}rwm-rewriteRule "(.*\()uid=sap[a-z0-9]{3}(\C%C).*)" "$1uid=dlmsapr3$2" olcRwmRewrite: {11}rwm-rewriteRule "(.*\()uid=sap[a-z0-9]{3}db(\).*)" "$1uid=dlmsapr3db$2" olcRwmRewrite: {12}rwm-rewriteRule "(.*\()uid=db2[a-z0-9]{3}(\).*)" "$1uid=dlmdb2sid$2" olcRwmRewrite: {13}rwm-rewriteRule "(.*\()uid=db2[a-z0-9]{3}ap(\).*)" "$1uid=dlmdb2sid$2"
then the escapes are working properly.
Sometimes this occurs with the last rule too.
It seems to me that this happens with the rule most recently inserted. If slapd was recently restarted, this would be the last rule in the list.
The parsing rules are slightly different for slapd.conf vs ldif. Notable is that ldif parsing does not perform escape processing. So this slapd.conf line:
rwm-rewriteRule "(.*\()uid=sapr3(\).*)" "$1uid=dlmsapr3$2"
should actually correspond to this cn=config attribute:
olcRwmRewrite: rwm-rewriteRule "(.*()uid=sapr3().*)" "$1uid=dlmsapr3$2"
This is exactly the output of conversion with, for example, slaptest -f slapd.conf -F slapd.d.
When a new rwm rule is added, existing rules are reloaded. The bug is that the existing rules were being passed through the slapd.conf line processor, which dropped backslashes on the way, while the rule actually being inserted was passed to the rewrite routines untouched.
Fixed in git master by removing the extra escaping on insert. You will have to adjust your rules to use a single backslash instead of two.
(bonus: rwm is needlessly reloading existing rules when appending with valx >= last, while it could be
-
Ryan Tandy