[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using openldap as a translation layer.

To: S James S Stapleton <stapleton.41@osu.edu>
Subject: Re: using openldap as a translation layer.
From: Pierangelo Masarati <ando@sys-net.it>
Date: Thu, 12 Jul 2007 22:25:09 +0200
Cc: openldap-software@openldap.org
In-reply-to: <02f501c7c4b8$9e7a9a10$1df39280@oitlan.oit.ohiostate.edu>
References: <001d01c7989c$15a76300$1df39280@oitlan.oit.ohiostate.edu> <464C8BC5.4080602@sys-net.it> <004801c798b3$d9813500$1df39280@oitlan.oit.ohiostate.edu> <464CA765.1050709@sys-net.it> <00ce01c79951$bdcfc760$1df39280@oitlan.oit.ohiostate.edu> <464DCFB8.3050102@sys-net.it> <14f001c7bfcd$42fe6e40$1df39280@oitlan.oit.ohiostate.edu> <468E3E7D.5040807@sys-net.it> <018901c7c483$8639c000$1df39280@oitlan.oit.ohiostate.edu> <46965034.6090106@sys-net.it> <023f01c7c49f$5253db60$1df39280@oitlan.oit.ohiostate.edu> <46965905.7070604@sys-net.it> <026b01c7c4ab$f8ba9e60$1df39280@oitlan.oit.ohiostate.edu> <469679D9.2030802@sys-net.it> <02f501c7c4b8$9e7a9a10$1df39280@oitlan.oit.ohiostate.edu>
User-agent: Mail/News 1.5.0.8 (X11/20061210)

S James S Stapleton wrote:

> Crud, oops, I missed that. I turned it off so I could see some
> clean-slate results for comparison. Just turned it on. The result is a
> stackdump.

You mean core dump?  Please file an ITS for that, it shouldn't happen
(you should be using the latest OpenLDAP 2.3 or so, right?).  Since
you're using Cygwin, you should be able to install gdb and get a decent
stack trace out of a non-stripped binary (e.g. the one before
installation, servers/slapd/slapd.exe).


> I'm trying to get the queries from a server people are logging into to
> translate to the form of the authentication server server. I did read
> the man page, but it has not cleared up my confusion in some of these
> matters.
> 
> The login server is sending a query, wherein the uid is set to a persons
> 'unique name', which is not part of the DN. To get the DN, you need to
> do a search on the mail address, which is the unique name + '@osu.edu'.
> The uid is a number and part of the DN, the unique name is not.
> 
> Right now it is running a query with:
> (*(objectClass=people)(uid=name.number))
> 
> and it needs to be:
> (*(objectClass=people)(mail=name.number@osu.edu))

Not sure what you mean with "queries".  If what you mean is:

"simple binds get in with some DN; the DN is not right, but it can be
used to look up the right DN"

that's one business.

Otherwise, if you mean

"plain searches come in with some filter; the filter looks for some
value of uid, but they should rather look for a value of mail that can
be derived from that of uid"

then what you should do is

rewriteContext	searchFilter
rewriteRule
	"^\\(&\\(objectClass=person\\)\\(uid=([^.]+\\.[0-9]+)\\)\\)$"
	"(&(objectClass=person)(mail=$1@osu.edu))"
	":@"

and that's it.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------

References:
- Re: using openldap as a translation layer.
  - From: "S James S Stapleton" <stapleton.41@osu.edu>
- Re: using openldap as a translation layer.
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: using openldap as a translation layer.
  - From: "S James S Stapleton" <stapleton.41@osu.edu>
- Re: using openldap as a translation layer.
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: using openldap as a translation layer.
  - From: "S James S Stapleton" <stapleton.41@osu.edu>
- Re: using openldap as a translation layer.
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: using openldap as a translation layer.
  - From: "S James S Stapleton" <stapleton.41@osu.edu>
- Re: using openldap as a translation layer.
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: using openldap as a translation layer.
  - From: "S James S Stapleton" <stapleton.41@osu.edu>

Prev by Date: Re: using openldap as a translation layer.
Next by Date: Re: using openldap as a translation layer.
Index(es):
- Chronological
- Thread