Re: using openldap as a translation layer.



S James S Stapleton wrote:

> I didn't realize that was specific to filters.

It is not specific to filters.  It is specific to specific contexts.
Did you read slapo-rwm(5)?

> So this is a search then?
> ============================================================
> overlay rwm
> rwm-rewriteEngine off

??? "off" ???

> 
> #note: I changed the name of the filter since the original name wasn't
> usefully descriptive
> rwm-rewriteMap
>  ldap
>  "realMailSearchLookup"
>  "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub";
> 
> rwm-rewriteContext searchFilter

Rules that follow will be invoked only during searches, passing the
search filter

> 
> 
> rwm-rewriteRule
>  "^\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)$"

This pattern is supposed to be filter specific, as it is defined for a
"searchFilter" context

>  "${RealMailSearchLookup(mail=$1@osu.edu)}" ":@"

The result of the map lookup will be used as search filter, replacing
the original filter.  But your map returns a DN, which is __NOT__ a
valid search filter.  So the remote server will barf (unless local
controls reject the search without even contacting the remote server;
I'm not sure about this).

>  ":@"
> 
> 
> #added because it didn't seem to be matching anything
> #rwm-rewriteContext searchDN alias searchFilter

A "searchDN" context cannot use rules defined for filters, since it is
supposed to be passed and to return a DN, and a filter and a DN usually
differ radically.

> #rwm-rewriteContext searchFilterAttrDN alias searchFilter

Same as above.

> just for grins, I tried this, but with no luck either:
> ============================================================
> rwm-rewriteRule
>  "^(.*)\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)(.*)$"
>  "$1(&(objectClass=person)(mail=$2@osu.edu))$3"
>  "@"

Not sure what you're trying to achieve.  But slapo-rwm(5) is not the
right tool to just try and see what happens.  Unless you follow some
rationale, it can give very puzzling results (usually just nothing,
which is frustrating).

I'd rather go back and describe what you want to obtain.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------
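
The two points made in the reply above, as an added example that is not part of the original message and is not OpenLDAP code: a filter rewrite rule matches the filter's text, and whatever it produces must itself be a filter, which a DN is not. The helper names `rewrite_filter` and `looks_like_filter` are hypothetical, the sample filters and DN are constructed, and Python's `re` stands in for the regex engine slapd uses.

```python
import re

# Pattern of the second quoted rwm-rewriteRule, with the doubled backslashes
# of slapd.conf quoting reduced to single ones. Assumption: Python's re
# treats this particular pattern the same way slapd's regex engine does.
RULE_PATTERN = re.compile(
    r"^(.*)\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)(.*)$"
)
# Substitution of the same rule, with $n written as Python's \g<n>.
RULE_SUBST = r"\g<1>(&(objectClass=person)(mail=\g<2>@osu.edu))\g<3>"


def rewrite_filter(search_filter):
    """Hypothetical helper: apply the rule once, textually, as a regex would."""
    return RULE_PATTERN.sub(RULE_SUBST, search_filter, count=1)


def looks_like_filter(text):
    """Hypothetical shape check: a single parenthesised item with balanced
    parentheses. Not a full RFC 4515 parser."""
    if not (text.startswith("(") and text.endswith(")")):
        return False
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Closing early means trailing junk or a second top-level item.
            if depth == 0 and i != len(text) - 1:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    filters = [
        "(&(objectClass=person)(uid=smith.1))",   # exact text the rule expects
        "(&(uid=smith.1)(objectClass=person))",   # same meaning, terms swapped
        "(|(cn=x)(&(objectClass=person)(uid=doe.22)))",  # rule text nested
    ]
    for f in filters:
        out = rewrite_filter(f)
        print(f"{f} -> {out} (filter-shaped: {looks_like_filter(out)})")
    # What a map that returns entryDN would hand back (constructed value).
    dn = "uid=smith.1,ou=People,dc=osu,dc=edu"
    print(f"{dn} (filter-shaped: {looks_like_filter(dn)})")
```

The second sample comes back unchanged because the pattern is tied to one term order, which is one way a rule ends up doing "just nothing".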