I understand the "laziness" completely, because I've only been able to work on this intermittently; it is a long (chronologically especially) thread.
My configuration is:
============================================================
database        ldap
suffix          "dc=mywork,dc=com"
access to * by * read
readonly        on
uri             ldap://the-server:389/

overlay rwm
rwm-rewriteEngine on
#left here because it might be useful, to simplify things later, but not currently used
rwm-rewriteMap ldap "realBindDNLookup" "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub"

# bind DN rewrite rules
rwm-rewriteContext bindDN

# extract the username from the incorrect DN, and try to use it
# as mailbox in a lookup filter "(mail=<mailbox>@domain)" to
# fetch the corresponding DN
#original
#    "^uid=([^,]+)?,ou=People,dc=mywork,dc=com$"
#alt #1
#    "uid=([a-zA-Z-]+.[\d]+)"
#alt #2
#    "(&(objectClass=person)(uid=([a-zA-Z]+.[0-9]+)))"
rwm-rewriteRule "(&(objectClass=person)(uid=([a-zA-Z]+.[0-9]+)))"
        "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub(mail=$1@osu.edu)"
        "@"

# if the lookup fails, the error is ignored, and thus
# the original DN is used.
============================================================
What I listed previously wasn't a rule, but 3 regexes I tried for the match parameter of the rule.
Thanks,
-Jim Stapleton
----- Original Message -----
From: "Pierangelo Masarati" ando@sys-net.it
To: "S James S Stapleton" stapleton.41@osu.edu
Cc: openldap-software@openldap.org
Sent: Thursday, July 12, 2007 12:00 PM
Subject: Re: using openldap as a translation layer.
S James S Stapleton wrote:
OK, I got it working now (rwm/ldap anyway; using cygwin instead of mingw, the process worked).
However, I'm not getting any results yet.
If I see these two lines in the output (-g -1):
==> rewrite_context_apply [depth=1] string='(&(objectClass=person)(uid=stapleton.41))'
==> rewrite_context_apply [depth=1] res={0,'NULL'}
The second line means the regex did not match, correct?
sort of
I tried this with the original regex that was suggested to me, and the following match attempts, with the same {0,'NULL'} results:
"(&(objectClass=person)(uid=([a-zA-Z]+.[0-9]+)))"
"(&(objectClass=person)(uid=([a-zA-Z]+.[0-9]+)))"
"uid=([a-zA-Z]+.[0-9]+)"
Any suggestions on what I am doing wrong? (I figure I am either reading the output wrong, or have botched the regex, possibly both)
The above regex'es make little sense to me. It doesn't even look like a rewrite statement, but just rather a bunch of regex'ish lines. What is the rewrite configuration you're actually using? What's your intention? (please excuse my laziness, but the original thread is too long to figure out myself).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
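
Added example, not part of the original messages or of OpenLDAP's code: the C program below runs the match patterns from the thread against the filter string shown in the debug output, using POSIX extended regular expressions through regcomp(3), the syntax slapo-rwm(5) documents as the default for rule patterns. The helper `ere_capture` and the `ESCAPED` pattern are constructed for illustration; the program tests the patterns in isolation and does not model rewrite contexts or maps.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Filter string copied from the debug output quoted in the thread. */
static const char *FILTER = "(&(objectClass=person)(uid=stapleton.41))";
/* Pattern of the posted rwm-rewriteRule: bare ( ) are ERE groups, not literals. */
static const char *POSTED = "(&(objectClass=person)(uid=([a-zA-Z]+.[0-9]+)))";
/* "alt #1" from the config comments: in POSIX, [\d] means backslash or 'd'. */
static const char *ALT1 = "uid=([a-zA-Z-]+.[\\d]+)";
/* Shortest pattern listed in the quoted message. */
static const char *SHORT = "uid=([a-zA-Z]+.[0-9]+)";
/* Constructed variant (assumption, not from the thread): literals escaped. */
static const char *ESCAPED =
    "\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)";

/* Returns 1 and copies capture group `group` into out on a match,
 * 0 on no match, -1 on a bad pattern or an unset group. */
static int ere_capture(const char *pattern, const char *subject,
                       size_t group, char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m[8];
    int hit;
    if (group >= 8 || outlen == 0 || regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    hit = (regexec(&re, subject, 8, m, 0) == 0);
    if (hit && m[group].rm_so >= 0) {
        size_t len = (size_t)(m[group].rm_eo - m[group].rm_so);
        if (len >= outlen) len = outlen - 1;
        memcpy(out, subject + m[group].rm_so, len);
        out[len] = '\0';
    } else if (hit) {
        hit = -1;
    }
    regfree(&re);
    return hit;
}

int main(void)
{
    const char *pats[] = { POSTED, ALT1, SHORT, ESCAPED };
    for (size_t i = 0; i < sizeof pats / sizeof pats[0]; i++) {
        char uid[64] = "";
        int rc = ere_capture(pats[i], FILTER, 1, uid, sizeof uid);
        printf("%-60s -> %d %s\n", pats[i], rc, uid);
    }
    return 0;
}
```

The second column of the output is 1 for a match and 0 for no match, followed by the text captured as `$1`.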