[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: order of rewrite context processing



2008-03-17_16:40:26-0400 Ron Peterson <rpeterso@MtHolyoke.edu>:

> Does searchDN get processed before searchFilter?  Is there a way around
> that?  Is there a better way to do this?  The basic concept seems to
> work fine w/ bindDN, but not searchFilter.

I guess I'm back to my original question.  Below, I'm simply hardcoding
the value of ${**case}, and otherwise leaving the searchFilter or bindDN
string alone.  If I uncomment my searchFilter rule as below, I get a
'searchDN massage error'.  I don't have any searchDN rules anywhere
else.  If I comment my searchFilter rule, and uncomment my bindDN rule,
it works fine.  OpenLDAP 2.4.8.

________________________________________________________________________
# Global rewrite rules, before any backend definitions
overlay             rwm
rwm-rewriteEngine   on

# This does not work
rwm-rewriteContext  searchFilter
rwm-rewriteRule     ".*"
                    "${&&case(m)}$0"
                    ":"

# This works
# rwm-rewriteContext  bindDN
# rwm-rewriteRule     ".*"
#                     "${&&case(m)}$0"
#                     ":"

rwm-rewriteContext  searchDN
rwm-rewriteRule     "(.*)o=fc"
                    "${**case}<>${&prefix($1)}"
                    ":"
rwm-rewriteRule     "m{1,2}<>$"
                    "${*prefix}o=m"
                    ":@"
rwm-rewriteRule     ".*<>$"
                    "${*prefix}o=default"
                    ":"

________________________________________________________________________
1304# ldapsearch -x -W -D "cn=username,o=m" -b "o=fc" '(cn=somebody)'
Enter LDAP Password: xxxxx

# extended LDIF
#
# LDAPv3
# base <o=fc> with scope subtree
# filter: (cn=somebody)
# requesting: ALL
#

# search result
search: 2
result: 80 Other (e.g., implementation specific) error
text: searchDN massage error


-- 
Ron Peterson
Network & Systems Manager
Mount Holyoke College