S James S Stapleton wrote:
Crud, oops, I missed that. I turned it off so I could see some clean-slate results for comparison. Just turned it on. The result is a stackdump.
You mean core dump? Please file an ITS for that, it shouldn't happen (you should be using the latest OpenLDAP 2.3 or so, right?). Since you're using Cygwin, you should be able to install gdb and get a decent stack trace out of a non-stripped binary (e.g. the one before installation, servers/slapd/slapd.exe).
I'm trying to get the queries from a server people are logging into to translate to the form of the authentication server server. I did read the man page, but it has not cleared up my confusion in some of these matters.
The login server is sending a query, wherein the uid is set to a persons 'unique name', which is not part of the DN. To get the DN, you need to do a search on the mail address, which is the unique name + '@osu.edu'. The uid is a number and part of the DN, the unique name is not.
Right now it is running a query with: (*(objectClass=people)(uid=name.number))
and it needs to be: (*(objectClass=people)(mail=name.number@osu.edu))
Not sure what you mean with "queries". If what you mean is:
"simple binds get in with some DN; the DN is not right, but it can be used to look up the right DN"
that's one business.
Otherwise, if you mean
"plain searches come in with some filter; the filter looks for some value of uid, but they should rather look for a value of mail that can be derived from that of uid"
then what you should do is
rewriteContext searchFilter rewriteRule "^\(&\(objectClass=person\)\(uid=([^.]+\.[0-9]+)\)\)$" "(&(objectClass=person)(mail=$1@osu.edu))" ":@"
and that's it.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------