I understand the "laziness" completely, because I've only been able to work
on this intermittently, it is a long (chronologically especially) thread.
My configuration is:
============================================================
database ldap
suffix "dc=mywork,dc=com"
access to * by * read
readonly on
uri ldap://the-server:389/
overlay rwm
rwm-rewriteEngine on
# left here because it might be useful, to simplify things later, but not currently used
rwm-rewriteMap
    ldap
    "realBindDNLookup"
    "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub"
# bind DN rewrite rules
rwm-rewriteContext bindDN
# extract the username from the incorrect DN, and try to use it
# as mailbox in a lookup filter "(mail=<mailbox>@domain)" to
# fetch the corresponding DN
#original
# "^uid=([^,]+)?,ou=People,dc=mywork,dc=com$"
#alt #1
# "uid=([a-zA-Z-]+\.[\d]+)"
#alt #2
# "\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)"
rwm-rewriteRule
    "\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)"
    "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub(mail=$1@osu.edu)"
    "@"
# if the lookup fails, the error is ignored, and thus
# the original DN is used.
============================================================
What I listed previously wasn't a rule, but 3 regexes I tried for the match
parameter of the rule.
Thanks,
-Jim Stapleton
----- Original Message -----
From: "Pierangelo Masarati" <ando(a)sys-net.it>
To: "S James S Stapleton" <stapleton.41(a)osu.edu>
Cc: <openldap-software(a)openldap.org>
Sent: Thursday, July 12, 2007 12:00 PM
Subject: Re: using openldap as a translation layer.
S James S Stapleton wrote:
> OK, I got it working now (rwm/ldap anyway, using cygwin instead of mingw,
> the process worked).
>
> However, I'm not getting any results yet.
>
> If I see these two lines in the output (-g -1):
> ==> rewrite_context_apply [depth=1]
> string='(&(objectClass=person)(uid=stapleton.41))'
> ==> rewrite_context_apply [depth=1] res={0,'NULL'}
>
> The second line means the regex did not match, correct?
sort of
> I tried this
> with the original regex that was suggested to me, and the following
> match attempts, with the same {0,'NULL'} results:
>
> "\(\&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)"
> "\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)"
> "uid=([a-zA-Z]+\.[0-9]+)"
>
>
> Any suggestions on what I am doing wrong? (I figure I am either reading
> the output wrong, or have botched the regex, possibly both)
The above regex'es make little sense to me. It doesn't even look like a
rewrite statement, but just rather a bunch of regex'ish lines. What is
the rewrite configuration you're actually using? What's your intention?
(please excuse my laziness, but the original thread is too long to
figure out myself).
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
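
Added example, not part of the thread or of OpenLDAP: a small harness that checks the match patterns from the posted configuration against the filter string from the rewrite_context_apply debug line, outside slapd. It assumes the patterns are POSIX extended regexes compiled case-insensitively; try_match is a hypothetical helper, and the check does not model slapd.conf quoting or which rewrite context a string is passed to.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Filter string copied from the rewrite_context_apply debug line above. */
static const char *SUBJECT = "(&(objectClass=person)(uid=stapleton.41))";

/* Candidate match patterns from the posted configuration and message. */
static const char *PATTERNS[] = {
    "^uid=([^,]+)?,ou=People,dc=mywork,dc=com$",                      /* original */
    "uid=([a-zA-Z-]+\\.[\\d]+)",                                      /* alt #1   */
    "\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)",  /* alt #2   */
    "uid=([a-zA-Z]+\\.[0-9]+)",                                       /* uid only */
};
enum { NPATTERNS = sizeof PATTERNS / sizeof PATTERNS[0] };

/* try_match (hypothetical helper): 1 = match, 0 = no match, -1 = bad pattern.
 * On a match, capture group 1 is copied into cap (truncated to caplen - 1).
 * Flags are an assumption about how the rewrite engine compiles patterns. */
int try_match(const char *pattern, const char *subject, char *cap, size_t caplen)
{
    regex_t re;
    regmatch_t m[2];
    int rc;

    if (caplen > 0) cap[0] = '\0';
    if (regcomp(&re, pattern, REG_EXTENDED | REG_ICASE) != 0)
        return -1;
    rc = regexec(&re, subject, 2, m, 0);
    if (rc == 0 && m[1].rm_so >= 0 && caplen > 0) {
        size_t n = (size_t)(m[1].rm_eo - m[1].rm_so);
        if (n >= caplen) n = caplen - 1;
        memcpy(cap, subject + m[1].rm_so, n);
        cap[n] = '\0';
    }
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

int main(void)
{
    char cap[64];
    for (int i = 0; i < NPATTERNS; i++) {
        int r = try_match(PATTERNS[i], SUBJECT, cap, sizeof cap);
        printf("%-8s $1='%s'  %s\n",
               r == 1 ? "match" : r == 0 ? "no match" : "bad re", cap, PATTERNS[i]);
    }
    return 0;
}
```

In a POSIX bracket expression the backslash is an ordinary character, so the `[\d]` in alt #1 does not stand for a digit class.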