Hi,
The OpenLDAP 2.4 documentation states:
"When using slapd.conf(5), overlays that are configured before any other databases are considered global, as mentioned above. In fact they are implicitly stacked on top of the frontend database. They can also be explicitly configured as such:

database frontend
overlay <overlay name>"

I currently use slapo-rwm, defined as a global declaration in slapd.conf, to provide bindDN rewrites to a remote LDAP server via slapo-ldap (LDAP proxy database). Is it possible then, if I'm interpreting the documentation correctly, to additionally stack a rewrite/remap overlay in each defined database section? The objective would be to achieve database-specific rewrites that are not applicable to all defined databases.
e.g.
database ldap
suffix "dc=abc,dc=local"
uri "ldap://172.11.250.200/"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchEntryDN
rwm-rewriteRule "^cn=(.+)?\\2C(.+)?,ou=users,dc=abc,dc=local$" "cn=$1_$2,ou=users,dc=abc,dc=local" ":@"
[...etc.]

database ldap
suffix "dc=xyz,dc=local"
uri "ldap://172.11.250.201/"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchEntryDN
rwm-rewriteRule <some other rewrite rule here>
[...etc.]

If this is possible, does the configuration allow one to define the overlay at the "backend" level, so that it applies to all databases of the same type?
e.g.
backend ldap
overlay rwm
rwm-rewriteEngine on

database ldap
suffix "dc=abc,dc=local"
uri "ldap://172.11.250.200/"
rwm-rewriteContext searchEntryDN
rwm-rewriteRule "^cn=(.+)?\\2C(.+)?,ou=users,dc=abc,dc=local$" "cn=$1_$2,ou=users,dc=abc,dc=local" ":@"
[...etc.]

database ldap
suffix "dc=xyz,dc=local"
uri "ldap://172.11.250.201/"
rwm-rewriteContext searchEntryDN
rwm-rewriteRule <some other rewrite rule here>
[...etc.]

Thanks,
Bryce Powell

Bryce Powell wrote:
> If this is possible, does the configuration allow one to define the overlay at the “backend” level, so that it applies to all databases of the same type?
> e.g.
> backend ldap
> overlay rwm
> rwm-rewriteEngine on

No. No modules in OpenLDAP have ever implemented anything for the "backend" keyword, it is purely a no-op.
Also No: overlays may only be configured on databases. Not backends.
openldap-technical@openldap.org
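
As an added example (not part of the original thread and not OpenLDAP project code), a small checker that applies the two points from the reply to a slapd.conf text: "backend" is a no-op, and overlays attach only to databases. The function name lint_slapd_conf and the sample config are constructed for illustration; the check that rwm-* directives need an "overlay rwm" line earlier in the same section is an assumption of this example.

```python
# Constructed sample: the "backend"-level layout from the question,
# followed by one database that declares the overlay itself.
SAMPLE = '''\
backend ldap
overlay rwm
rwm-rewriteEngine on

database ldap
suffix "dc=abc,dc=local"
uri "ldap://172.11.250.200/"
rwm-rewriteContext searchEntryDN

database ldap
suffix "dc=xyz,dc=local"
uri "ldap://172.11.250.201/"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchEntryDN
'''

def lint_slapd_conf(text):
    """Return (line_no, message) findings about overlay placement."""
    findings = []
    section = "global"   # "global", "backend" or "database"
    overlays = set()     # overlays declared so far in the current section
    for no, raw in enumerate(text.splitlines(), 1):
        # Skip blanks, comments and continuation lines (leading whitespace).
        if not raw.strip() or raw[0] in " \t#":
            continue
        words = raw.split()
        key = words[0].lower()
        if key in ("backend", "database"):
            section, overlays = key, set()   # a new section starts clean
            if key == "backend":
                findings.append((no, "backend is a no-op; databases inherit nothing"))
        elif key == "overlay" and len(words) > 1:
            overlays.add(words[1].lower())
            if section == "backend":
                findings.append((no, "overlay after backend is not applied per backend type"))
        elif key.startswith("rwm-") and "rwm" not in overlays:
            # Assumption of this example: rwm-* needs 'overlay rwm' first.
            findings.append((no, "%s without 'overlay rwm' in this %s section"
                             % (words[0], section)))
    return findings

if __name__ == "__main__":
    for no, msg in lint_slapd_conf(SAMPLE):
        print("line %d: %s" % (no, msg))
```
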