Re: OpenLDAP's Backend Rewrite Engine
Thank you, Dieter. For reasons outside of my control, I can't place a "rootpw" or a "rootdn" attribute in the configuration file. Suffix massaging works when the bind is for one user with privileges for both DNs. I have a situation where the user may be different every time a bind is attempted. For example, when a user attempts to authenticate himself or herself, they will submit their credentials to "ldap://public.com". They will attempt a bind on that server using a DN "cn=user1,cn=Administrators,dc=test,dc=com". I would like the server "ldap://public.com" to proxy the bind for "ldap://mixedmaster.mixeddomain.com" using the same credentials but under a different DN "cn=user1,cn=Users,dc=mixeddomain,dc=com".
The server "ldap://mixedmaster.mixeddomain.com" would then return success or failure to "ldap://public.com", which would then return success or failure to the client.
Can this be done? If yes, do the rules I posted earlier (below) make any sense? I'm certainly missing something, I'm just not sure where to go from here.
Michael
Dieter Kluenter wrote:
Michael Gale <michaelg@xandros.com> writes:
So, I decided to try the proxy approach, and I would like to rewrite a
DN from this:
"cn=<user name>,cn=Administrators,dc=test,dc=com"
to this:
"cn=<user name>,cn=Users,dc=mixeddomain,dc=com"
I would like to perform a simple substitution where the user name from
one DN gets copied to another. I am using a rewrite context for a
client -> server operation, but I'm pretty sure the following is not
right:
database ldap
rewriteEngine On
rewriteContext bindDn
rewriteRule "cn=(.*),cn=Administrators,dc=test,dc=com" "cn=%1,cn=Users,dc=mixeddomain,dc=com"
rebind-as-user
uri ldap://mixedmaster.mixeddomain.com/
I'm a little lost as to what rules/contexts/uris are required in the
"slapd.conf" file. Any help would be greatly appreciated.
You didn't mention which version you are referring to.
In my OpenLDAP-2.X.X, which is April HEAD, I have the following lines:
,----[ slapd.conf ]
| modulepath /usr/local/libexec/openldap
| moduleload pcache.la
| moduleload rwm.la
| moduleload back-ldap.la
| ...
| database ldap
| lastmod off
| overlay rwm
| suffix "dc=virtual,dc=com"
| rwm-suffixmassage "dc=virtual,dc=com" "dc=real,dc=com"
| rootdn cn=admin,dc=virtual,dc=com
| rootpw secret
| binddn cn=updateManager,dc=real,dc=com
| bindpw secret2
| uri ldap://remote.server:389
| ....
| <some proxycache options>
`----
-Dieter
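To show what the rewriteRule quoted above actually does to a bind DN, here is an added Python simulation of the rewrite engine's matching rules (my own code, not OpenLDAP's librewrite): a rule's regex is matched unanchored unless ^ and $ are written, and on a match the whole string is replaced by the action with %1..%9 expanded to the capture groups. The tighter anchored pattern and the sample DNs are my assumptions, not something from the thread.

```python
import re

def apply_rule(pattern: str, action: str, value: str) -> str:
    """Simulate one rewriteRule: unanchored regex match, whole-string replacement."""
    m = re.search(pattern, value)
    if m is None:
        return value  # no match: the value passes through unchanged
    # Expand %N placeholders in the action with the corresponding capture group.
    def group(p: re.Match) -> str:
        n = int(p.group(1))
        return (m.group(n) or "") if n <= m.re.groups else ""
    return re.sub(r"%([1-9])", group, action)

# The rule exactly as posted in the thread: greedy (.*) and no anchors.
LOOSE_PATTERN = r"cn=(.*),cn=Administrators,dc=test,dc=com"
# Assumed tighter form: a single cn= RDN, and the DN must match end to end.
TIGHT_PATTERN = r"^cn=([^,]+),cn=Administrators,dc=test,dc=com$"
ACTION = "cn=%1,cn=Users,dc=mixeddomain,dc=com"

def rewrite_bind_dn(dn: str, tight: bool = False) -> str:
    """Rewrite a bind DN with either the posted rule or the anchored variant."""
    return apply_rule(TIGHT_PATTERN if tight else LOOSE_PATTERN, ACTION, dn)

# Constructed sample bind DNs (not from the thread).
SAMPLES = [
    "cn=user1,cn=Administrators,dc=test,dc=com",           # the intended case
    "cn=svc,ou=Service,cn=Administrators,dc=test,dc=com",  # entry below the container
    "cn=user1,cn=Administrators,dc=test,dc=com,dc=old",    # DN under a different suffix
    "cn=user1,cn=Users,dc=test,dc=com",                    # unrelated DN
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn)
        print("  loose ->", rewrite_bind_dn(dn))
        print("  tight ->", rewrite_bind_dn(dn, tight=True))
```

With the loose pattern, a DN below the Administrators container and a DN under a longer suffix are both silently mapped into cn=Users on the remote server; the anchored pattern leaves them untouched so only the intended DN shape is rewritten.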