Hi to all,

For my company I'm trying to set up an LDAP proxy to our Active Directory implementation. After some time I have found several problems with some critical applications that do not support multiple OUs and CNs formed as "Surname Name", caused by the bad structure and nomenclature of the AD, which we can't change.
To work around the problem I have used the rwm module to rewrite the bindDN part of the client query into the AD format name.surname@domain, but the proxy returns:

[root@client ~]# ldapsearch -H ldap://192.168.29.134  -D "CN=Name.Surname,OU=subou,OU=Users HOUSE,DC=domain,DC=int" -W
ldap_bind: Invalid syntax (21)
        additional info: bindDN massage error
        
some logs:

Nov  3 21:32:33 proxy slapd[1309]: conn=1001 op=0 do_bind
Nov  3 21:32:33 proxy slapd[1309]: >>> dnPrettyNormal: <CN=Name.Surname,OU=subou,OU=Users HOUSE,DC=domain,DC=int>
Nov  3 21:32:33 proxy slapd[1309]: <<< dnPrettyNormal: <cn=Name.Surname,ou=subou,ou=Users HOUSE,dc=domain,dc=int>, <cn=Name.Surname,ou=subou,ou=users house,dc=domain,dc=int>
Nov  3 21:32:33 proxy slapd[1309]: conn=1001 op=0 BIND dn="cn=Name.Surname,ou=subou,ou=Users HOUSE,dc=domain,dc=int" method=128
Nov  3 21:32:33 proxy slapd[1309]: do_bind: version=3 dn="cn=Name.Surname,ou=subou,ou=Users HOUSE,dc=domain,dc=int" method=128
Nov  3 21:32:33 proxy slapd[1309]: daemon: activity on 1 descriptor
Nov  3 21:32:33 proxy slapd[1309]: daemon: activity on:
Nov  3 21:32:33 proxy slapd[1309]: ==> rewrite_context_apply [depth=1] string='cn=Name.Surname,ou=subou,ou=Users HOUSE,dc=domain,dc=int'
Nov  3 21:32:33 proxy slapd[1309]:
Nov  3 21:32:33 proxy slapd[1309]: ==> rewrite_rule_apply rule='^([C,c][N,n]=)([^.]*)\.([^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)$' string='cn=Name.Surname,ou=subou,ou=Users HOUSE,dc=domain,dc=int' [1 pass(es)]
Nov  3 21:32:33 proxy slapd[1309]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov  3 21:32:33 proxy slapd[1309]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov  3 21:32:33 proxy slapd[1309]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
Nov  3 21:32:33 proxy slapd[1309]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
Nov  3 21:32:33 proxy slapd[1309]: ==> rewrite_rule_apply rule='^([C,c][N,n]=)([^.]*)\.([^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)$' string='cn=Name.Surname,ou=subou,ou=Users HOUSE,dc=domain,dc=int' [1 pass(es)]
Nov  3 21:32:33 proxy slapd[1309]: ==> rewrite_rule_apply rule='^([C,c][N,n]=)([^.]*)\.([^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)$' string='cn=Name.Surname,ou=subou,ou=Users HOUSE,dc=domain,dc=int' [1 pass(es)]
Nov  3 21:32:33 proxy slapd[1309]: ==> rewrite_rule_apply rule='^([C,c][N,n]=)([^.]*)\.([^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)$' string='cn=Name.Surname,ou=subou,ou=Users HOUSE,dc=domain,dc=int' [1 pass(es)]
Nov  3 21:32:33 proxy slapd[1309]: ==> rewrite_rule_apply rule='^([C,c][N,n]=)([^.]*)\.([^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)$' string='cn=Name.Surname,ou=subou,ou=Users HOUSE,dc=domain,dc=int' [1 pass(es)]
Nov  3 21:32:33 proxy slapd[1309]: ==> rewrite_context_apply [depth=1] res={0,'Name.Surname@domain.int'}
Nov  3 21:32:33 proxy slapd[1309]: [rw] bindDN: "cn=Name.Surname,ou=subou,ou=Users HOUSE,dc=domain,dc=int" -> "Name.Surname@domain.int"
Nov  3 21:32:33 proxy slapd[1309]: >>> dnPrettyNormal: <Name.Surname@domain.int>
Nov  3 21:32:33 proxy slapd[1309]: send_ldap_result: conn=1001 op=0 p=3
Nov  3 21:32:33 proxy slapd[1309]: send_ldap_result: err=21 matched="" text="bindDN massage error"
Nov  3 21:32:33 proxy slapd[1309]: send_ldap_response: msgid=1 tag=97 err=21
Nov  3 21:32:33 proxy slapd[1309]: conn=1001 op=0 RESULT tag=97 err=21 text=bindDN massage error


I have downloaded the source code to try to remove or skip this check, but with my limited programming skills, after a month I haven't found the solution.
So is there a way (or a better way) to accomplish this?

Best regards,
Giuseppe.

Config file of my test env:

### Schema includes ###########################################################
# The commented-out block below points at /etc/ldap/schema/ (Debian layout);
# the active includes further down use /etc/openldap/schema/ (Red Hat layout).
#include         /etc/ldap/schema/corba.schema
#include         /etc/ldap/schema/core.schema
#include         /etc/ldap/schema/cosine.schema
#include         /etc/ldap/schema/duaconf.schema
#include         /etc/ldap/schema/dyngroup.schema
#include         /etc/ldap/schema/inetorgperson.schema
#include         /etc/ldap/schema/java.schema
#include         /etc/ldap/schema/misc.schema
#include         /etc/ldap/schema/nis.schema
#include         /etc/ldap/schema/openldap.schema
#include         /etc/ldap/schema/ppolicy.schema
#include         /etc/ldap/schema/collective.schema
#include         /etc/openldap/schema/ad.schema


# Active schema set: corba, core, cosine, inetorgperson, misc, nis and an AD
# schema file (presumably declaring the AD attributes that rwm-map references
# further down, sAMAccountName and proxyAddresses -- confirm against ad.schema).
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
#include         /etc/ldap/schema/duaconf.schema
#include         /etc/ldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
#include         /etc/ldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
#include         /etc/ldap/schema/openldap.schema
#include         /etc/ldap/schema/ppolicy.schema
#include         /etc/ldap/schema/collective.schema
include         /etc/openldap/schema/ad.schema
#


## Module paths ##############################################################
# modulepath is commented out, so back_ldap and rwm are loaded from slapd's
# compiled-in default module directory.
#modulepath              /usr/lib/ldap/
moduleload              back_ldap
moduleload              rwm

# rwm is instantiated here, before any "database" directive, i.e. as a global
# (frontend) overlay. The per-database "overlay rwm" near the end of the file
# is commented out, so this is the only active instance.
overlay                 rwm
rwm-rewriteEngine       on
# bindDN context: the DN a client binds with is rewritten before the proxy
# passes the bind on to the backend.
rwm-rewriteContext      bindDN
# Matches "cn=<name>.<surname>,ou=<x>,ou=<y>..." and replaces the WHOLE DN with
# "<name>.<surname>@domain.int". Only $2 and $3 are used: the OU components
# ($4, $5) are discarded, so the identity sent to AD depends on the CN alone,
# whatever OUs the client put in its bind DN.
# NOTE: the debug log in the message above shows the rewritten value being fed
# back into dnPrettyNormal and rejected with err=21 / "bindDN massage error":
# the bindDN context is expected to yield a DN, and "name.surname@domain.int"
# is not one. Removing that check in the source is not the fix; the rewritten
# value must stay a DN.
# Pattern nits: "[C,c]" is a character class that also matches a comma, and
# "[^.]*" does not exclude commas, so the final group swallows ",dc=domain,dc=int".
# The log above also shows rules with up to six OU groups, so the running config
# evidently differs from this listing (two OU groups).
rwm-rewriteRule     "^([C,c][N,n]=)([^.]*)\\.([^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)$" "$2.$3@domain.int" ":@I"
# Two alternative replacement forms, left commented out: "domain\user" style and
# a re-ordered "CN=Surname Name" DN that keeps the OU components ($4$5).
#rwm-rewriteRule     "^([C,c][N,n]=)([^.]*)\\.([^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)$" "domain\\$2.$3" ":@I"
#rwm-rewriteRule     "^([C,c][N,n]=)([^.]*)\\.([^.]*)(,[O,o][U,u][^.]*)(,[O,o][U,u][^.]*)$" "CN=$3 $2$4$5" ":@I"

# Main settings ###############################################################
pidfile                 /var/run/openldap/slapd.pid
argsfile                /var/run/openldap/slapd.args
# Accepts LDAPv2 bind requests in addition to LDAPv3 (slapd.conf(5) "allow");
# only needed for legacy clients, drop it if none remain.
allow bind_v2

### Database definition (Proxy to AD) #########################################
database                config
database                ldap
# back-ldap proxy settings for the "database ldap" declared just above.
# Any update operation is refused locally with unwillingToPerform; nothing is
# ever written through to AD.
readonly                yes
protocol-version        3
# The client's bind credentials are remembered so the proxy can rebind as the
# client when reconnecting or chasing referrals (slapd-ldap(5)); this means the
# proxy keeps client passwords in memory for the life of the connection.
rebind-as-user
# Plain ldap:// on 389 and no TLS-related directive anywhere in this listing:
# the simple-bind credentials forwarded to AD travel unencrypted on the wire.
# TODO confirm whether this is only the test environment.
uri                     "ldap://192.168.29.133:389"
suffix                  "dc=domain,dc=int"
# rootdn is an AD account DN; rootpw is in cleartext in this file (value
# redacted in the post). slapd also accepts a hashed value from slappasswd(8),
# which is the usual form for a config file.
rootdn                  "CN=Administrator,CN=Users,DC=domain,DC=int"
rootpw                  "hidden"

# Identity-assertion account for operations on behalf of clients. The
# indented lines are continuations of this directive and must stay indented.
# mode=none / flags=non-prescriptive: per slapd-ldap(5), non-prescriptive makes
# a failed identity assertion non-fatal -- confirm the exact semantics of
# mode=none for the slapd version in use.
idassert-bind bindmethod=simple
   binddn="CN=Administrator,CN=Users,DC=domain,DC=int"
   credentials="hidden"
   mode=none
   flags=non-prescriptive
# "*" lets every local identity use identity assertion. That is the broadest
# setting; TODO confirm it is needed at all with mode=none.
idassert-authzFrom "*"

# The database-level rwm instance is commented out; the active overlay is the
# global one declared before "database config". Whether these rwm-map lines
# attach to that instance is worth checking with slaptest(8) -- confirm.
#overlay                 rwm
# Attribute renaming between the LDAP names clients use and the AD names.
rwm-map                 attribute       uid     sAMAccountName
rwm-map                 attribute       mail    proxyAddresses

### Logging ###################################################################
# -1 turns on every log category; it produced the verbose trace in the message
# above (rewrite steps, bind DNs). Lower it once debugging is done, since this
# level records client identities on every operation.
loglevel                -1