FYI - last week I filed an ITS regarding overlay rwm:

-----Ursprüngliche Nachricht----- Von: Uwe Werler uwe.werler@retiolum.eu Gesendet: Mo 13.10.2014 08:46 Betreff: (ITS#7964) overlay rwm escape issue with more the 9 rules / rewrite statements An: openldap-its@OpenLDAP.org; Full_Name: Uwe Werler Version: 2.4.40 OS: Linux / SLES 11 SP3 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (155.56.68.214)

If I have rewrite rules like this:

23 olcOverlay={1}rwm,olcDatabase={3}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcRwmConfig olcOverlay: {1}rwm olcRwmRewrite: {0}rwm-rewriteEngine on olcRwmRewrite: {1}rwm-rewriteContext searchFilter olcRwmRewrite: {2}rwm-rewriteRule "(.*\()uid=sapr3(\).*)" "$1uid=dlmsapr3$2" olcRwmRewrite: {3}rwm-rewriteRule "(.*\()uid=sdb(\).*)" "$1uid=sdb$2" olcRwmRewrite: {4}rwm-rewriteRule "(.*\()uid=sapadm(\).*) "$1uid=dlmsapadm$2" olcRwmRewrite: {5}rwm-rewriteRule "(.*\()uid=sapmnt(\).*)" "$1uid=sapmnt$2" olcRwmRewrite: {6}rwm-rewriteRule "(.*\()uid=[a-z0-9]{3}adm(\).*)" "$1uid=dlmsidadm$2" olcRwmRewrite: {7}rwm-rewriteRule "(.*\()uid=sqd[a-z0-9]%3%3}(\).*)" "$1uid=dlmsqdsid$2" olcRwmRewrite: {8}rwm-rewriteRule "(.*\()uid=ora[a-z0-9]{3}(\).*)" "$1uid=dlmorasid$2" olcRwmRewrite: {9}rwm-rewriteRule "(.*\()uid=sap[a-z0-9]{3}(\).*)" "$1uid=dlmsapr3$2" olcRwmRewrite: {10}rwm-rewriteRule "(.*\()uid=sap[a-z0-9]{3}db(\).*)" "$1uid=dlmsapr3db$2" olcRwmRewrite: {11}rwm-rewriteRule "(.*\()uid=db2[a-z0-9]{3}(\).*)" "$1uid=dlmdb2sid$2" olcRwmRewrite: {12}rwm-rewriteRule "(.*\()uid=db2[a-z0-9]{3}ap(\).*)" "$1uid=dlmdb2sid$2"

then the 7. rule / 9. statement failes to escape. In this example ora*** get's not correctly rewritten to dlmora***: See loglevel trace:

543b711d ==> rewrite_rule_apply rule='(.*()uid=sapr3().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sdb().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sapadm().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sapmnt().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=[a-z0-9]{3}adm().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sqd[a-z0-9]{3}().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\()uid=ora[a-z0-9]{3}(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sap[a-z0-9]{3}().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=sap[a-z0-9]{3}db().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=db2[a-z0-9]{3}().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*()uid=db2[a-z0-9]{3}ap().*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)]

If I insert a dummy statement like this:

olcRwmRewrite: {0}rwm-rewriteEngine on olcRwmRewrite: {1}rwm-rewriteContext searchFilter olcRwmRewrite: {2}rwm-rewriteRule "(.*\()uid=sapr3(\).*)" "$1uid=dlmsapr3$2" olcRwmRewrite: {3}rwm-rewriteRule "(.*\()uid=sdb(\).*)" "$1uid=sdb$2" olcRwmRewrite: {4}rwm-rewriteRule "(.*\()uid=sapadm(\).*)" "$1uid=dlmsapadm$2" olcRwmRewrite: {5}rwm-rewriteRule "(.*\()uid=sapmnt(\).*)" "$1uid=sapmnt$2" olcRwmRewrite: {6}rwm-rewriteRule "(.*\()uid=[a-z0-9]{3}adm(\).*)" "$1uid=dlmsidadm$2" olcRwmRewrite: {7}rwm-rewriteRule "(.*\()uid=sqd[a-z0-9]{3}(\).*)" "$1uid=dlmsqdsid$2" olcRwmRewrite: {8}rwm-rewriteRule "(.*\()uid=ora[a-z0-9]{3}(\).*)" "$1uid=dlmorasid$2" olcRwmRewrite: {9}rwm-rewriteContext placeHolder alias searchFilter olcRwmRewrite: {10}rwm-rewriteRule "(.*\()uid=sap[a-z0-9]{3}(\).*)" "$1uid=dlmsapr3$2" olcRwmRewrite: {11}rwm-rewriteRule "(.*\()uid=sap[a-z0-9]{3}db(\).*)" "$1uid=dlmsapr3db$2" olcRwmRewrite: {12}rwm-rewriteRule "(.*\()uid=db2[a-z0-9]{3}(\).*)" "$1uid=dlmdb2sid$2" olcRwmRewrite: {13}rwm-rewriteRule "(.*\()uid=db2[a-z0-9]{3}ap(\).*)" "$1uid=dlmdb2sid$2"

then the escapes are working properly.

Sometimes this occurs with the last rule too.

I first tried with 2.4.26 (standard version in SLES11 SP3) and now with 2.4.40.

Regards Uwe