[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SuffixMassage and RewriteContext bindDN / Password Rewriting (2.2.23)

To: Tom Mitchell <tom_mitchell@mail.com>
Subject: Re: SuffixMassage and RewriteContext bindDN / Password Rewriting (2.2.23)
From: Pierangelo Masarati <ando@sys-net.it>
Date: Wed, 16 Aug 2006 12:33:46 +0200
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <20060809104707.814A71024D@ws1-3.us4.outblaze.com>
References: <20060809104707.814A71024D@ws1-3.us4.outblaze.com>
User-agent: Thunderbird 1.5.0.5 (X11/20060719)

Tom Mitchell wrote:

Hi all!

I'm trying to obfuscate the bind credentials for my LDAP proxy which have to put in cleartext in a world readable file. This lead me to two problems with the rewrite engine in the 2.2.23 LDAP backend:

1. SuffixMassage seems to work only as long as I don't add a "RewriteContext bindDN".

"Suffixmassage" is a helper to provide a shortcut configuration of DN rewriting that simply rewrites the naming context of all DNs back and forth. If you need more specific rules, you'll likely need to give up "suffixmassage" and do all the rewriting yourself, because the order of the rewrite statements does matter.

2. I want to use the rewrite engine to rewrite the password submitted by the client.

This is not possible: rewriting is limited to DNs and DN-valued attributes, so you're following the wrong trail.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

References:
- SuffixMassage and RewriteContext bindDN / Password Rewriting (2.2.23)
  - From: "Tom Mitchell" <tom_mitchell@mail.com>

Prev by Date: Re: How to build a server with pagedResultsControl support
Next by Date: Re: back-meta assert failure
Index(es):
- Chronological
- Thread