[Date Prev][Date Next] [Chronological] [Thread] [Top]

order of rewrite context processing



I'm trying to select a backend (ldap proxy) according to the the content
of a search filter.  I've configured something like this prior to any
backend definitions:

rwm-rewriteContext  bindDN
rwm-rewriteRule     ".*"
                    "${&&bindprefix("")}$0"
                    ":"
rwm-rewriteRule     "cn=([shaum])_(.+)"
                    "${&&bindprefix($1)}cn=$2"
                    ":"

rwm-rewriteContext  searchFilter
rwm-rewriteRule     ".*"
                    "${&&filterprefix("")}$0"
                    ":"
rwm-rewriteRule     "(.*)cn=([shaum])_(.+)"
                    "${&&filterprefix($2)}$1cn=$3"
                    ":"

# Using this expression below breaks things.  I'm guessing the searchDN
# context gets processed before searchFilter, so ${**filterprefix} is
# undefined.
#                    "${**bindprefix}${**filterprefix}<>${&prefix($1)}"

rwm-rewriteContext  searchDN
rwm-rewriteRule     "(.*)o=fc"
                    "${**bindprefix}<>${&prefix($1)}" <=== replace w/ above
                    ":I"
rwm-rewriteRule     "s{1,2}<>$"
                    "${*prefix}o=backa"
                    ":@I"
rwm-rewriteRule     "h{1,2}<>$"
                    "${*prefix}o=backb"
                    ":@I"
etc...

Does searchDN get processed before searchFilter?  Is there a way around
that?  Is there a better way to do this?  The basic concept seems to
work fine w/ bindDN, but not searchFilter.

I'm using OpenLDAP 2.4.8

TIA.

-- 
Ron Peterson
Network & Systems Manager
Mount Holyoke College