Re: using openldap as a translation layer.
It is not specific to filters. It is specific to specific contexts.
Did you read slapo-rwm(5)?
by it I was referring to the (&(a=b)(c=d)) syntax. I thought that could be
used in different types of request. Sorry, still a noob with LDAP.
Yeah I read the man page, and I've been referencing it a lot while fiddling
with this. Unfortunately they are only doing so much to clarify things.
> So this is a search then?
> ============================================================
> overlay rwm
> rwm-rewriteEngine off
??? "off" ???
Crud, oops, I missed that. I turned it off so I could see some clean-slate
results for comparison. Just turned it on. The result is a stackdump. Given
your comments later in the mail, that's not surprising.
> just for grins, I tried this, but with no luck either:
> ============================================================
> rwm-rewriteRule
>
>
"^(.*)\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)(.*)$"
> "$1(&(objectClass=person)(mail=$2(a)osu.edu))$3"
> "@"
Not sure what you're trying to achieve. But slapo-rwm(5) is not the
right tool to just try and see what happens. Unless you follow some
rationale, it can give very puzzling results (usually just nothing,
which is frustrating).
I'm trying to get the queries from a server people are logging into to
translate to the form of the authentication server server. I did read the
man page, but it has not cleared up my confusion in some of these matters.
The login server is sending a query, wherein the uid is set to a persons
'unique name', which is not part of the DN. To get the DN, you need to do a
search on the mail address, which is the unique name + '(a)osu.edu'. The uid
is a number and part of the DN, the unique name is not.
Right now it is running a query with:
(*(objectClass=people)(uid=name.number))
and it needs to be:
(*(objectClass=people)(mail=name.number(a)osu.edu))
Thanks,
-Jim Stapleton