hyc@OpenLDAP.org wrote:
Update of /repo/OpenLDAP/pkg/ldap/servers/slapd
Modified Files:
	sasl.c		1.245 -> 1.246
	sl_malloc.c	1.40 -> 1.41
	connection.c	1.393 -> 1.394
	proto-slap.h	1.715 -> 1.716
Log Message: Added "slapd" rewrite map handler, connection_fake_init2 to use existing tmpmemctx without reinitializing
The documentation for this feature presents a bit of a problem, since most of the functionality of librewrite is documented in slapo-rwm(5). When SLAP_AUTH_REWRITE is defined (which it is, whenever --enable-rewrite is used) then all of librewrite's capabilities really should be in the main slapd documentation.
In the meantime, here's an example usage:
rwm-rewriteMap slapd cn2dn "ldap:///dc=example,dc=com?dn?sub?(&(objectclass=person)"
rwm-rewriteContext bindDN
rwm-rewriteRule "^(cn=[^,]+),.*" "${cn2dn(($1)))}" ":@I"
This (stupid) example allows a user with a long DN to bind using just their RDN plus any subset of the DB suffix. E.g., a user with DN cn=Joe Bob,ou=Team1,ou=Teams,ou=Divisions,dc=example,dc=com could bind with just cn=Joe Bob,dc=example,dc=com.
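As an added illustration (not part of the original mail or of librewrite), here is a small Python simulation of what the cn2dn rule above does to a bind DN: the regex keeps only the cn RDN, the map stands in for a search under dc=example,dc=com with an objectclass=person filter, and the entries are constructed. Two assumptions are made: the map succeeds only on exactly one hit, and a map error (the rule's "I" flag) leaves the bind DN unchanged.

```python
import re

# Constructed sample entries standing in for the dc=example,dc=com subtree
# that the "slapd" rewrite map would search (hypothetical data).
DIRECTORY = {
    "cn=Joe Bob,ou=Team1,ou=Teams,ou=Divisions,dc=example,dc=com": "person",
    "cn=Ann Lee,ou=Team2,ou=Teams,ou=Divisions,dc=example,dc=com": "person",
    "cn=Ann Lee,ou=Contractors,dc=example,dc=com": "person",
    "cn=backup,ou=Services,dc=example,dc=com": "device",
}
SUFFIX = "dc=example,dc=com"

# The rule's regex: capture the leading cn RDN, discard whatever follows it.
RULE = re.compile(r"^(cn=[^,]+),.*")


def cn2dn(cn_rdn):
    """Simulated cn2dn map: search the suffix subtree for entries whose
    objectclass is person and whose RDN equals cn_rdn, return the DN.
    Assumption: anything other than exactly one hit is a map error (None).
    Simplification: RDN comparison is exact, not LDAP case-insensitive."""
    hits = [
        dn
        for dn, oc in DIRECTORY.items()
        if dn.endswith("," + SUFFIX)
        and oc == "person"
        and dn.split(",")[0] == cn_rdn
    ]
    return hits[0] if len(hits) == 1 else None


def rewrite_bind_dn(bind_dn):
    """Apply the bindDN rewrite context from the mail to one bind DN.
    A non-matching rule leaves the DN alone; a map error is treated as
    'ignore' (assumed meaning of the I flag), so the DN is also unchanged."""
    m = RULE.match(bind_dn)
    if not m:
        return bind_dn
    full_dn = cn2dn(m.group(1))
    return full_dn if full_dn is not None else bind_dn
```

Note that the regex accepts anything after the RDN, so the DN the user supplies only needs to start with the right cn; what actually identifies the account is the single person entry the map finds, and a duplicated cn (Ann Lee above) yields no rewrite at all.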