[Date Prev][Date Next] [Chronological] [Thread] [Top]

sldapd-meta / SearchFilter rewriting does not work - any hints?


Hello OpenLDAP Gurus,

I worked with openldap some time ago and now came back
when I heard that openldap supports meta-functionality.

meta setup works rather fine but I don't succeed in
rewriting the SearchFilter.

My (simplified) setup
---------------------
local BDB database Suffix dc=bar
Subordinate META database Suffix dc=foo, dc=bar
    proxying remote suffix which is just dc=foo

  dc=bar
   +- cn=Manager,dc=bar
   +- dc=foo,dc=bar => meta to other ldap server

  dc=foo
   +- uid=test,dc=foo
   +- cn=testgroup,dc=foo

config
------
# OpenLDAP 2.2.6 on Solaris.
database        meta
suffix          "dc=foo,dc=bar"
subordinate
uri             "ldap://otherhost/dc=foo,dc=bar"
binddn          "*******"
bindpw          "*******"
rebind-as-user
rewriteEngine   on
rewriteContext  default
rewriteRule     "(.*)dc=foo,[ ]?dc=bar" "%1dc=foo"
rewriteContext  searchFilter
rewriteRule     "(.*)member=([^)]+),dc=foo,[ ]?dc=bar(.*)" "%1member=%2,dc=foo%3"
rewriteContext  searchResult
rewriteRule     "(.*)dc=foo" "%1dc=foo,dc=bar"

database        bdb
suffix          "dc=bar"
rootdn          "********"
rootpw          {MD5}*********
directory       /data/openldap/bar
index   objectClass     eq

problem(s)
----------
I can browse everything pretty fine (local and meta).

When I do a simple search for
   (uid=test)
the result below is OK (searchResult rewritten)
Result: dn:uid=test,dc=foo,dc=bar
        (original dn is just uid=test,dc=foo)

But when I search for the group using:
   (uniquemember=uid=test,dc=foo,dc=bar)
I don't get a result.
Tcpdump showed me that the following search is carried out:
  BaseDN:  dc=foo (that's correct!)
  Filter:  (uniquemember=uid=test,dc=foo,dc=bar) (incorrect!)
No rewriting takes place.

Trace (command line option "-d 1") also shows me that the rewrite
for searchResult is called but never the one for searchFilter.

?? Any hints ??
Has anybody got a similar setup which works ? Which version of openldap?
I searched bug database but didn't find a corresponding entry - so
I'm asking the mailing list first ...
Could it be a difference in schema?
What are the requirements for searchFilter being applied?

rgds,
michael