Re: using openldap as a translation layer.

12 Jul 2007


      S James S Stapleton wrote:
...
I didn't realize that was specific to filters.
It is not specific to filters.  It is specific to specific contexts.
Did you read slapo-rwm(5)?
...
So this is a search then?
overlay rwm
rwm-rewriteEngine off
??? "off" ???
...
#note: I changed the name of the filter since the original name wasn't
usefully descriptive
rwm-rewriteMap
 ldap
 "realMailSearchLookup"
 "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub"
rwm-rewriteContext searchFilter
Rules that follow will be invoked only during searches, passing the
search filter
...
rwm-rewriteRule
 "^\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)$"
This pattern is supposed to be filter specific, as it is defined for a
"searchFilter" context
...
"${RealMailSearchLookup(mail=$1@osu.edu)}" ":@"
The result of the map lookup will be used as search filter, replacing
the original filter.  But your map returns a DN, which is __NOT__ a
valid search filter.  So the remote server will barf (unless local
controls reject the search without even contacting the remote server;
I'm not sure about this).
...
":@"
#added because it didn't seem to be matching anything
#rwm-rewriteContext searchDN alias searchFilter
A "searchDN" context cannot use rules defined for filters, since it is
supposed to be passed and to return a DN, and a filter and a DN usually
differ radically.
...
#rwm-rewriteContext searchFilterAttrDN alias searchFilter
Same as above.
...
just for grins, I tried this, but with no luck either:
rwm-rewriteRule
 "^(.*)\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)(.*)$"
 "$1(&(objectClass=person)(mail=$2@osu.edu))$3"
 "@"
Not sure what you're trying to achieve.  But slapo-rwm(5) is not the
right tool to just try and see what happens.  Unless you follow some
rationale, it can give very puzzling results (usually just nothing,
which is frustrating).
I'd rather go back and describe what you want to obtain.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: using openldap as a translation layer.

So this is a search then?

just for grins, I tried this, but with no luck either: