Hi,
The OpenLDAP 2.4 documentation states:
“When using slapd.conf(5), overlays that are configured before any other databases are considered global, as mentioned above. In fact they are implicitly stacked on top of the frontend database. They can also be explicitly configured as such:
database frontend
overlay <overlay name>”
I currently use slapo-rwm, defined as a global declaration in slapd.conf, to provide bindDN rewrites to a remote LDAP server via slapo-ldap (LDAP proxy database). Is it possible then, if I’m interpreting the documentation correctly, to additionally stack a rewrite/remap overlay in each defined database section? The objective would be to achieve database-specific rewrites that are not applicable to all defined databases.
e.g.
database ldap
suffix "dc=abc,dc=local"
uri "ldap://172.11.250.200/"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchEntryDN
rwm-rewriteRule "^cn=(.+)?\\\\2C(.+)?,ou=users,dc=abc,dc=local$" "cn=$1_$2,ou=users,dc=abc,dc=local" ":@"
[…etc.]
database ldap
suffix "dc=xyz,dc=local"
uri "ldap://172.11.250.201/"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchEntryDN
rwm-rewriteRule <some other rewrite rule here>
[…etc.]
If this is possible, does the configuration allow one to define the overlay at the “backend” level, so that it applies to all databases of the same type?
e.g.
backend ldap
overlay rwm
rwm-rewriteEngine on
database ldap
suffix "dc=abc,dc=local"
uri "ldap://172.11.250.200/"
rwm-rewriteContext searchEntryDN
rwm-rewriteRule "^cn=(.+)?\\\\2C(.+)?,ou=users,dc=abc,dc=local$" "cn=$1_$2,ou=users,dc=abc,dc=local" ":@"
[…etc.]
database ldap
suffix "dc=xyz,dc=local"
uri "ldap://172.11.250.201/"
rwm-rewriteContext searchEntryDN
rwm-rewriteRule <some other rewrite rule here>
[…etc.]
Thanks
Bryce Powell