Hi,
I am using OpenLDAP 2.4.33 and the rwm overlay.
I am attempting to remove ("hide") certain DN entries from
returned queries.
The rwm configuration looks like

    overlay rwm
    rwm-rewriteEngine on
    rwm-rewriteContext searchAttrDN
    rwm-rewriteRule "^employeeNumber=.*$" "$0" ":@"
    rwm-rewriteRule "cn=.*" "" "#"

Without the rwm overlay the query with filter

    '(&(objectClass=groupOfNames)(cn=LVCGroupMembers))' member

returns

    dn: cn=LVCGroupMembers,ou=LVC,ou=Communities,ou=grouper,o=internal,dc=wiki,dc=myorg,dc=org
    member: employeeNumber=1377,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
    member: cn=UWashingtonGroupMembers,ou=UWashington,ou=MOU,ou=LSC,ou=LVC,ou=Communities,ou=grouper,o=internal,dc=wiki,dc=myorg,dc=org
    member: employeeNumber=19,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
    member: employeeNumber=1331,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
    member: employeeNumber=935,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
    member: employeeNumber=459,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
    member: employeeNumber=876,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
    <snip>

I want to "hide" the members with DNs of the form "cn=*" (I
want to squash the nested groups).
With the rwm configuration above the hiding almost works--93
of the member DNs are "hidden", but 3 are not:

    $ ldapsearch -D "<some bind dn>" -w password -x -LLL -b 'dc=wiki,dc=myorg,dc=org' -H ldaps://server.somewhere '(&(objectClass=groupOfNames)(cn=LVCGroupMembers))' member | grep cn
    dn: cn=LVCGroupMembers,ou=LVC,ou=Communities,ou=grouper,o=internal,dc=wiki,dc=
    member: cn=AGWGGroupMembers,ou=AGWG,ou=MOU,ou=LSC,ou=LVC,ou=Communities,ou=gro
    member: cn=GWUGroupMembers,ou=GWU,ou=MOU,ou=LSC,ou=LVC,ou=Communities,ou=group
    member: cn=ULBGroupMembers,ou=ULB,ou=MOU,ou=LSC,ou=LVC,ou=Communities,ou=group

I checked and the 3 DNs that survive are not different in any
substantial way than the 97 DNs that are effectively hidden.
Any ideas why the 3 DNs survive the rewriting?
Thanks,
Scott