On Fri, 27 Jul 2007 09:16:01 +0200, Pierangelo Masarati ando@sys-net.it said:
> You don't provide enough information (e.g. the rest of your slapd.conf). Apparently, no attempt to rewrite the bind DN ever takes place. I guess there's no database that can handle that request and pass it to the rwm overlay.
My apologies: I was trying not to include too much data. But that may be an aspect I just missed: I've been focusing on the rewrite mechanics. The examples in slapo-rwm don't seem to specify an enclosing database, including the example I'm trying to duplicate. I'm not sure how to work out what is required.
    # Then we need to detect DN made up of a single email,
    # e.g. `mail=someone@example.com'; note that the rule
    # in case of match stops rewriting; in case of error,
    # it is ignored. In case we are mapping virtual
    # to real naming contexts, we also need to rewrite
    # regular DNs, because the definition of a bindDN
    # rewrite context overrides the default definition.
    rwm-rewriteContext bindDN
    rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
That seems to be talking about a DN without any suffix at all; i.e.
ldapsearch -x -D "mail=someone@example.com" -W
bare. I infer from your comment that I need to define a database with a blank suffix, and express this rewrite rule within that? I'll set about attempting this.
If there's some better FM which I should be Ring, I'll be more than content with a pointer to it. I googled rather a lot before getting to this point, and the slapo-rwm man page appears to be the most detailed document available.
If I get it working, would the Lords of LDAP entertain a doc patch?
- Allen S. Rout