rwm searchAttrDN rewrite skipping some rewrites
- To: openldap-technical@openldap.org
- Subject: rwm searchAttrDN rewrite skipping some rewrites
- From: Scott Koranda <skoranda@gmail.com>
- Date: Fri, 7 Dec 2012 16:09:43 -0600
- User-agent: Mutt/1.5.20 (2009-06-14)

Hi,

I am using OpenLDAP 2.4.33 and the rwm overlay.

I am attempting to remove ("hide") certain DN entries from
returned queries.

The rwm configuration looks like

overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchAttrDN
rwm-rewriteRule "^employeeNumber=.*$" "$0" ":@"
rwm-rewriteRule "cn=.*" "" "#"

Without the rwm overlay the query with filter

'(&(objectClass=groupOfNames)(cn=LVCGroupMembers))' member

returns

dn: cn=LVCGroupMembers,ou=LVC,ou=Communities,ou=grouper,o=internal,dc=wiki,dc=myorg,dc=org
member: employeeNumber=1377,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
member: cn=UWashingtonGroupMembers,ou=UWashington,ou=MOU,ou=LSC,ou=LVC,ou=Communities,ou=grouper,o=internal,dc=wiki,dc=myorg,dc=org
member: employeeNumber=19,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
member: employeeNumber=1331,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
member: employeeNumber=935,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
member: employeeNumber=459,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
member: employeeNumber=876,ou=people,o=internal,dc=wiki,dc=myorg,dc=org
<snip>

I want to "hide" the members with DNs of the form "cn=*" (I
want to squash the nested groups).

With the rwm configuration above the hiding almost works--93
of the member DNs are "hidden", but 3 are not:

$ ldapsearch -D "<some bind dn>" -w password -x -LLL -b 'dc=wiki,dc=myorg,dc=org' -H ldaps://server.somewhere '(&(objectClass=groupOfNames)(cn=LVCGroupMembers))' member | grep cn
dn: cn=LVCGroupMembers,ou=LVC,ou=Communities,ou=grouper,o=internal,dc=wiki,dc=
member: cn=AGWGGroupMembers,ou=AGWG,ou=MOU,ou=LSC,ou=LVC,ou=Communities,ou=gro
member: cn=GWUGroupMembers,ou=GWU,ou=MOU,ou=LSC,ou=LVC,ou=Communities,ou=group
member: cn=ULBGroupMembers,ou=ULB,ou=MOU,ou=LSC,ou=LVC,ou=Communities,ou=group

I checked and the 3 DNs that survive are not different in any
substantial way than the 97 DNs that are effectively hidden.

Any ideas why the 3 DNs survive the rewriting?

Thanks,

Scott
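
Added example, not part of the original post: one way to audit ldapsearch output for member values that survive the rewrite, without relying on grep over folded LDIF lines. It unfolds LDIF continuation lines, decodes base64 ("member::") values, and tallies member DNs by their leading RDN attribute type; the sample input and its DNs are constructed, and the function names are hypothetical.

```python
import base64
from collections import Counter

# Constructed sample of `ldapsearch -LLL` output (all DNs here are made up).
# LDIF folds long lines (a continuation starts with one space), and
# "attr:: value" carries a base64-encoded value.
_B64_DN = base64.b64encode(b"cn=EncodedNestedGroup,ou=grouper,dc=example,dc=org").decode()
SAMPLE_LDIF = (
    "dn: cn=ExampleGroup,ou=grouper,dc=example,dc=org\n"
    "member: employeeNumber=1,ou=people,dc=example,dc=org\n"
    "member: cn=FoldedNestedGroup,ou=Example,ou=grou\n"
    " per,dc=example,dc=org\n"
    f"member:: {_B64_DN}\n"
    "member: employeeNumber=2,ou=people,dc=example,dc=org\n"
)

def unfold(text):
    """Join LDIF continuation lines back onto the line they extend."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def member_values(text, attr="member"):
    """Return every value of `attr`, decoding base64 ("attr::") values."""
    values = []
    for line in unfold(text):
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr:
            continue
        if rest.startswith(":"):
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def audit(text, hidden_type="cn"):
    """Count member DNs by leading RDN type; list those that should be hidden."""
    values = member_values(text)
    rdn_type = lambda dn: dn.split("=", 1)[0].strip().lower()
    counts = Counter(rdn_type(v) for v in values)
    leaked = [v for v in values if rdn_type(v) == hidden_type]
    return counts, leaked

if __name__ == "__main__":
    counts, leaked = audit(SAMPLE_LDIF)
    print(dict(counts))
    print("\n".join(leaked))
```

Running the same audit on output captured with and without the overlay gives exact counts and the full, unfolded DNs of any values that are still returned.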