
Re: Rewriting BindDN?



>> On Fri, 27 Jul 2007 09:16:01 +0200, Pierangelo Masarati <ando@sys-net.it> said:


> You don't provide enough information (e.g. the rest of your
> slapd.conf).  Apparently, no attempt to rewrite the bind DN ever
> takes place.  I guess there's no database that can handle that
> request and pass it to the rwm overlay.

My apologies: I was trying not to include too much data.  But that may
be an aspect I just missed: I've been focusing on the rewrite
mechanics. The examples in slapo-rwm don't seem to specify an
enclosing database, including the example I'm trying to duplicate. I'm
not sure how to work out what is required.

 # Then we need to detect DN made up of a single email,
 # e.g. `mail=someone@example.com'; note that the rule
 # in case of match stops rewriting; in case of error,
 # it is ignored.  In case we are mapping virtual
 # to real naming contexts, we also need to rewrite
 # regular DNs, because the definition of a bindDN
 # rewrite context overrides the default definition.
 rwm-rewriteContext bindDN
 rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"

That seems to be talking about a DN without any suffix at all; i.e.

ldapsearch -x -D "mail=someone@example.com" -W 

bare.  I infer from your comment that I need to define a database with
a blank suffix, and express this rewrite rule within that?  I'll set
about attempting this.


If there's some better FM which I should be Ring, I'll be more than
content with a pointer to it. I googled rather a lot before getting to
this point, and the slapo-rwm man page appears to be the most detailed
document available.


If I get it working, would the Lords of LDAP entertain a doc patch?


- Allen S. Rout