2008-03-17_16:40:26-0400 Ron Peterson rpeterso@MtHolyoke.edu:
I'm trying to select a backend (ldap proxy) according to the content of a search filter. I've configured something like this prior to any backend definitions: ...
If I use the 'default' context, this seems to work the way I want. I'd prefer being able to be more specific about exactly what I want in each context, but I think this will do.
########################################################################
rwm-rewriteContext default

# set default 'locationprefix' to empty string
rwm-rewriteRule ".*" "${&&locationprefix("")}$0" ":"

# set 'locationprefix' to letter code used to indicate
# ldap server location
rwm-rewriteRule ".*cn=([abcde])_(.+)" "${&&locationprefix($2)}$0" ":"

########################################################################
rwm-rewriteContext searchDN

# replace anything ending with suffix o=pseudobase with ${**locationprefix}<>
# set 'prefix' to string preceding o=pseudobase
rwm-rewriteRule "(.*)o=pseudobase" "${**locationprefix}<>${&prefix($1)}" ":I"

# if locationprefix was 'a', rewrite searchDN to use o=backa suffix
rwm-rewriteRule "a{1,2}<>$" "${*prefix}o=backa" ":@I"

# if locationprefix was 'b', rewrite searchDN to use o=backb suffix
rwm-rewriteRule "b{1,2}<>$" "${*prefix}o=backb" ":@I"

...etc...

# default searchDN to use o=backdefault suffix
rwm-rewriteRule ".*<>$" "${*prefix}o=backdefault" ":"
This seems to capture any bindDN or searchFilter that contains 'cn=[abcde]_', which lets me use a letter code to indicate what ldap server I want to query. I can do any further rewriting I need to do in the specific backend.
If anyone has any other examples of how to do something like this, or suggestions for improvements, I'd love to see them. Of course if I could specify the proper suffix in the first place, that would make this really easy. But I'm trying to handle the case where someone types just their username into a form, and I need to figure out where to look it up, bind, etc. So:
a_username goes to ldaps://backa.domaina/...
and
b_username goes to ldaps://backb.domainb/...
etc.
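
The routing intent described in the message above, modelled in Python as an added example. It is not part of the original post and is not slapo-rwm's rewrite engine. It is a reference you can use to check which backend suffix a given filter or bind DN should land on, including inputs that must fall through to the default. Assumptions: the function names are hypothetical, letters c to e follow the same o=back<letter> pattern as a and b, and matching is case-insensitive.

```python
import re

# Constructed model of the routing intent in the post above; this is not
# slapo-rwm's rewrite engine and does not reproduce its matching semantics.
PSEUDO_SUFFIX = "o=pseudobase"
DEFAULT_SUFFIX = "o=backdefault"
# Assumption: letters c, d, e follow the same o=back<letter> pattern as a and b.
BACKEND_SUFFIX = {letter: f"o=back{letter}" for letter in "abcde"}

# Anchored on an attribute boundary so "xcn=a_user" or "cn=ab_user" do not route.
# Assumption: attribute name and letter code are matched case-insensitively.
_LOCATION = re.compile(r"(?:^|[(,+])cn=([abcde])_([^)(,+*\\\s]+)", re.IGNORECASE)


def location_prefix(text):
    """Return the single letter code found in a bind DN or search filter, or ''."""
    codes = {m.group(1).lower() for m in _LOCATION.finditer(text)}
    # Ambiguous input (two different codes) falls back to the default backend.
    return codes.pop() if len(codes) == 1 else ""


def rewrite_search_dn(base_dn, filter_or_dn):
    """Swap the o=pseudobase suffix for the backend suffix chosen by the code."""
    base = base_dn.strip()
    if not base.lower().endswith(PSEUDO_SUFFIX):
        return base  # not under the pseudo base: leave untouched
    prefix = base[: len(base) - len(PSEUDO_SUFFIX)]
    if prefix and not prefix.endswith(","):
        return base  # e.g. "xo=pseudobase" is a different RDN, not our suffix
    code = location_prefix(filter_or_dn)
    return prefix + BACKEND_SUFFIX.get(code, DEFAULT_SUFFIX)


if __name__ == "__main__":
    # Constructed sample filters.
    for flt in ("(cn=a_username)", "(cn=B_username)", "(cn=username)",
                "(|(cn=a_x)(cn=b_x))"):
        print(flt, "->", rewrite_search_dn("ou=people,o=pseudobase", flt))
```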