Allen S. Rout wrote:
[apologies if this gets duped: I appear to be having GMANE problems]
Greetings. I'm trying to duplicate the docs on rewriting BindDN before twiddling them to my actual goals. I'm using 2.3.35 on linux (gentoo).
I've tried to strip the twiddling I'm doing down as far as I can:
    moduleload rwm
    overlay rwm
    rwm-rewriteEngine on
    rwm-rewriteMap LDAP attr2dn "ldap://localhost/ou=People,dc=ufl,dc=edu?dn?sub"
    rwm-rewriteContext bindDN
    rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
which is, I think, straight out of the docs.
    Jul 19 10:44:12 misc01 slapd[15708]: line 2 (moduleload rwm)
    Jul 19 10:44:12 misc01 slapd[15708]: loaded module rwm
    Jul 19 10:44:12 misc01 slapd[15708]: module rwm: null module registered
    Jul 19 10:44:12 misc01 slapd[15708]: line 3 (overlay rwm)
    Jul 19 10:44:12 misc01 slapd[15708]: line 5 (rwm-rewriteEngine on)
    Jul 19 10:44:12 misc01 slapd[15708]: line 7 (rwm-rewriteMap LDAP attr2dn "ldap://localhost/ou=People,dc=ufl,dc=edu?dn?sub")
    Jul 19 10:44:12 misc01 slapd[15708]: line 9 (rwm-rewriteContext bindDN)
    Jul 19 10:44:12 misc01 slapd[15708]: line 10 (rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I")
I think that the module is getting loaded. The 'null module' confuses me. But if I take out the moduleload, the overlay declaration fails, so -something- is getting loaded, and if I take out the overlay statement then the directives are undefined. I can't come up with a scenario where the module would be loaded and define all the entry points, but not actually do anything. :)
But when I connect, I get invalid credentials, and:
    Jul 19 10:44:33 misc01 slapd[15721]: connection_read(12): checking for input on id=0
    Jul 19 10:44:33 misc01 slapd[15721]: daemon: epoll: listen=7 active_threads=1 tvp=zero
    Jul 19 10:44:33 misc01 slapd[15721]: daemon: epoll: listen=8 active_threads=1 tvp=zero
    Jul 19 10:44:33 misc01 slapd[15721]: do_bind
    Jul 19 10:44:33 misc01 slapd[15721]: >>> dnPrettyNormal: mail=asr@ufl.edu
    Jul 19 10:44:33 misc01 slapd[15721]: <<< dnPrettyNormal: mail=asr@ufl.edu, mail=asr@ufl.edu
    Jul 19 10:44:33 misc01 slapd[15721]: do_bind: version=3 dn="mail=asr@ufl.edu" method=128
    Jul 19 10:44:33 misc01 slapd[15721]: conn=0 op=0 BIND dn="mail=asr@ufl.edu" method=128
    Jul 19 10:44:33 misc01 slapd[15721]: send_ldap_result: conn=0 op=0 p=3
    Jul 19 10:44:33 misc01 slapd[15721]: send_ldap_result: err=49 matched="" text=""
    Jul 19 10:44:33 misc01 slapd[15721]: send_ldap_response: msgid=1 tag=97 err=49
    Jul 19 10:44:33 misc01 slapd[15721]: conn=0 op=0 RESULT tag=97 err=49 text=
    Jul 19 10:44:33 misc01 slapd[15721]: daemon: activity on 1 descriptor
What I find frustrating about this is that I don't even see an attempt to (say) apply the bindDN rewrite rule. Should I be expecting to see that? What config entries do I need to get some visibility into this process? I'm already doing loglevel -1: is there more? :)
You don't provide enough information (e.g. the rest of your slapd.conf). Apparently, no attempt to rewrite the bind DN ever takes place. I guess there's no database that can handle that request and pass it to the rwm overlay.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
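
The situation the reply guesses at, as an added example that is not part of the original thread: a simplified model of suffix-based database selection, checked against the bind DN from the log and the regex from the rewrite rule. The suffix list and the helper names are assumptions, since the rest of slapd.conf is not shown.

```python
import re

# Regex copied from the rwm-rewriteRule in the post; matching is made
# case-insensitive here, which is an assumption of this sketch.
BIND_RULE = re.compile(r'^mail=[^,]+@[^,]+$', re.IGNORECASE)

def split_rdns(dn):
    """Split a DN into lower-cased RDNs on unescaped commas (simplified)."""
    parts = re.split(r'(?<!\\),', dn)
    return [p.strip().lower() for p in parts if p.strip()]

def select_database(bind_dn, suffixes):
    """Return the first listed suffix the DN falls under, or None.

    An empty suffix "" matches every DN. This is a simplified model,
    not slapd's actual code.
    """
    dn = split_rdns(bind_dn)
    for suffix in suffixes:
        sfx = split_rdns(suffix)
        if len(sfx) <= len(dn) and dn[len(dn) - len(sfx):] == sfx:
            return suffix
    return None

def diagnose(bind_dn, suffixes):
    """Return (rule_matches, database_suffix_or_None) for a bind DN."""
    return (bool(BIND_RULE.match(bind_dn)), select_database(bind_dn, suffixes))

if __name__ == "__main__":
    # Constructed suffix list: the search base of the rewrite map is the
    # only naming context visible in the post.
    suffixes = ["dc=ufl,dc=edu"]
    for dn in ("mail=asr@ufl.edu",
               "uid=asr,ou=People,dc=ufl,dc=edu",
               "mail=asr@ufl.edu,ou=People,dc=ufl,dc=edu"):
        matches, db = diagnose(dn, suffixes)
        print(f"{dn!r}: rule matches={matches}, database={db}")
```

Under these assumptions, the DN from the log matches the rule but falls under no listed suffix, so an overlay configured on that database would not be handed the bind.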