S James S Stapleton wrote:
overlay rwm
rwm-rewriteEngine on
#left here because it might be useful, to simplify things later, but not
currently used
rwm-rewriteMap
ldap
"realBindDNLookup"
"ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub"
I got all of the above lined up in column 1. I hope it's the mailer,
otherwise please read slapd.conf(5) about the syntax, and specifically
about continuation lines.
# bind DN rewrite rules
rwm-rewriteContext bindDN
# extract the username from the incorrect DN, and try to use it
# as mailbox in a lookup filter "(mail=<mailbox>@domain)" to
# fetch the corresponding DN
#original
# "^uid=([^,]+)?,ou=People,dc=mywork,dc=com$"
#alt #1
# "uid=([a-zA-Z-]+\.[\d]+)"
#alt #2
# "\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)"
rwm-rewriteRule
"\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)"
"ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub(mail=$1@osu.edu)"
I see (at least) four errors here:
1) the URI doesn't have to be here; it must be in the ldap map.
Otherwise it's just treated for what it is: a string.
2) in any case, an LDAP URL needs a "?" to separate the scope ("sub")
from the filter.
3) escapes need to appear twice, because "\" is the escape char for
slapd.conf and for the regex. So using a single escape, like
"\(objectClass=person\)", results in passing "(objectClass=person)"
to regcomp(3), and the "(" ")" are treated as special regex chars.
This is illustrated in slapo-rwm(5).
4) a bindDN will never look like an LDAP filter. So this rule shouldn't
be in the "bindDN" rewrite context.
"@"
# if the lookup fails, the error is ignored, and thus
# the original DN is used.
============================================================
To obtain what you want, but in the "searchFilter" rewrite context,
something like
rwm-rewriteMap ldap "realBindDNLookup"
    "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub"
rwm-rewriteContext searchFilter
rwm-rewriteRule
    "^\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)$"
    "${realBindDNLookup(mail=$1@osu.edu)}" ":@"
should work.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
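
Added example (not part of the original message, and not OpenLDAP code): a small Python model of point 3 above, showing why the single-escaped pattern never matches a real search filter while the double-escaped one does. It assumes a simplified slapd.conf unquoting step (a backslash is dropped and the next character kept) and uses Python's re as a stand-in for regcomp(3); the uid "stapleton.1" and the helper names are constructed for the illustration.

```python
import re

# Patterns exactly as they would be typed inside double quotes in slapd.conf.
SINGLE = r"\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)"
DOUBLE = r"^\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)$"

# Constructed sample search filter.
FILTER = "(&(objectClass=person)(uid=stapleton.1))"


def conf_unquote(arg):
    """Simplified model of the config parser: '\\' escapes the next char."""
    out, i = [], 0
    while i < len(arg):
        if arg[i] == "\\" and i + 1 < len(arg):
            out.append(arg[i + 1])  # backslash consumed, next char kept
            i += 2
        else:
            out.append(arg[i])
            i += 1
    return "".join(out)


def lookup_key(conf_pattern, value):
    """Return the filter that would be handed to the ldap map, or None
    when the rule does not match (the original value is then kept)."""
    regex = re.compile(conf_unquote(conf_pattern))  # what the regex layer sees
    m = regex.search(value)
    if m is None:
        return None
    return "mail=%s@osu.edu" % m.group(1)  # $1 in the substitution string


if __name__ == "__main__":
    for name, pat in (("single", SINGLE), ("double", DOUBLE)):
        print(name, "-> regex:", conf_unquote(pat))
        print(name, "-> lookup:", lookup_key(pat, FILTER))
```

With the single escape the parentheses reach the regex layer as grouping operators, so the rule only matches text that has no literal parentheses at all, and $1 then captures the whole match instead of the uid.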