S James S Stapleton wrote:
overlay rwm
rwm-rewriteEngine on
#left here because it might be useful, to simplify things later, but not currently used
rwm-rewriteMap ldap "realBindDNLookup" "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub"

I got all of the above lined up in column 1. I hope it's the mailer, otherwise please read slapd.conf(5) about the syntax, and specifically about continuation lines.

# bind DN rewrite rules
rwm-rewriteContext bindDN
# extract the username from the incorrect DN, and try to use it
# as mailbox in a lookup filter "(mail=<mailbox>@domain)" to
# fetch the corresponding DN
#original
# "^uid=([^,]+)?,ou=People,dc=mywork,dc=com$"
#alt #1
# "uid=([a-zA-Z-]+.[\d]+)"
#alt #2
# "(&(objectClass=person)(uid=([a-zA-Z]+.[0-9]+)))"
rwm-rewriteRule "(&(objectClass=person)(uid=([a-zA-Z]+.[0-9]+)))" "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub(mail=$1@osu.edu)"

I see (at least) four errors here:
1) the URI doesn't have to be here; it must be in the ldap map. Otherwise it's just treated for what it is: a string.
2) in any case, an LDAP URL needs a "?" to separate the scope ("sub") from the filter.
3) escapes need to appear twice, because "\" is the escape char for slapd.conf and for the regex. So using a single escape, like "\(objectClass=person\)", results in passing "(objectClass=person)" to regcomp(3), and the "(" ")" are treated as special regex chars. This is illustrated in slapo-rwm(5).
4) a bindDN will never look like an LDAP filter. So this rule shouldn't be in the "bindDN" rewrite context.
"@" # if the lookup fails, the error is ignored, and thus
# the original DN is used.
To obtain what you want, but in the "searchFilter" rewrite context, something like

rwm-rewriteMap ldap "realBindDNLookup"
        "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub"
rwm-rewriteContext searchFilter
rwm-rewriteRule "^\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)$"
        "${realBindDNLookup(mail=$1@osu.edu)}"
        ":@"

should work.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
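
The double-escape point (3) above, as an added example that is not part of the original message. It assumes a simplified model of slapd.conf quoting (a backslash makes the next character literal and is dropped) and uses Python's re in place of regcomp(3); the function names and the sample filter are constructed for illustration.

```python
import re


def slapd_unquote(token: str) -> str:
    """Simplified model of slapd.conf argument parsing (an assumption of this
    example): inside a double-quoted argument a backslash makes the next
    character literal and is itself dropped."""
    assert token.startswith('"') and token.endswith('"')
    out, chars = [], iter(token[1:-1])
    for ch in chars:
        out.append(next(chars, "") if ch == "\\" else ch)
    return "".join(out)


def rule_matches(conf_token: str, subject: str) -> bool:
    """Unquote as slapd.conf would, then compile what is left as the regex.
    Python's re stands in for regcomp(3) with extended syntax."""
    return re.search(slapd_unquote(conf_token), subject) is not None


def lookup_filter(conf_token: str, subject: str):
    """Return the filter that would be handed to the LDAP map, or None when
    the rule does not match and the input is left unchanged."""
    m = re.search(slapd_unquote(conf_token), subject)
    return f"mail={m.group(1)}@osu.edu" if m else None


# Constructed sample: a search filter as a client would send it.
FILTER = "(&(objectClass=person)(uid=smith.42))"

# Pattern arguments exactly as they would be typed in slapd.conf.
SINGLE = r'"^\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)$"'
DOUBLE = r'"^\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)$"'

if __name__ == "__main__":
    for name, tok in (("single", SINGLE), ("double", DOUBLE)):
        # With single escapes the parentheses reach the regex compiler
        # unescaped, become grouping operators, and the rule never fires.
        print(f"{name}: regex={slapd_unquote(tok)!r}")
        print(f"        matches={rule_matches(tok, FILTER)}"
              f" lookup={lookup_filter(tok, FILTER)}")
```

A rule that silently fails to match leaves the filter unrewritten, so checking the pattern against a sample filter before deploying it catches this class of mistake.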