a database would intercept this operation only if it's suffix is empty ("").
My problem is on authentification.
The applications which use it connect in simple authentification but without context!!!!
Ex: cn=toto with his password is all
I tried to connect me by creating a script to bind in backend Shell
This is something you could solve using a global overlay that intercepts the bind operation before it gets to database selection. As already commented by Michael from one point of view, and Aaron from another, what you need is to intercept bind operations and handle them. For example, at SysNet we developed a trivial overlay that implements simple bind as "cn=Directory Manager", which appears to be the hardcoded directory administrator's DN in some proprietary DSA implementations. This was never posted to the list because it's absolutely trivial; if you need to perform simple bind with a single, specific DN with credentials stored in the configuration, I can post it (give me time to dig it out). The other solutions you've been pointed at are fine as well, although they require a bit more work to be configured and set up.
but connection is not even accepted and script is not called whereas it is it by specifying the context.
I tested the rules of rwm, but it is similar these rules are not called upon either
Cheers, p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------