
Re: using openldap as a translation layer.



It is not specific to filters.  It is specific to specific contexts.
Did you read slapo-rwm(5)?

By it I was referring to the (&(a=b)(c=d)) syntax. I thought that could be used in different types of request. Sorry, still a noob with LDAP.


Yeah I read the man page, and I've been referencing it a lot while fiddling with this. Unfortunately they are only doing so much to clarify things.


So this is a search then?
============================================================
overlay rwm
rwm-rewriteEngine off

??? "off" ???


Crud, oops, I missed that. I turned it off so I could see some clean-slate results for comparison. Just turned it on. The result is a stackdump. Given your comments later in the mail, that's not surprising.



Just for grins, I tried this, but with no luck either:
============================================================
rwm-rewriteRule
 "^(.*)\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)(.*)$"
 "$1(&(objectClass=person)(mail=$2@osu.edu))$3"
 "@"

Not sure what you're trying to achieve. But slapo-rwm(5) is not the right tool to just try and see what happens. Unless you follow some rationale, it can give very puzzling results (usually just nothing, which is frustrating).

I'm trying to get the queries from a server people are logging into to translate to the form of the authentication server. I did read the man page, but it has not cleared up my confusion in some of these matters.


The login server is sending a query, wherein the uid is set to a person's 'unique name', which is not part of the DN. To get the DN, you need to do a search on the mail address, which is the unique name + '@osu.edu'. The uid is a number and part of the DN, the unique name is not.

Right now it is running a query with:
(*(objectClass=people)(uid=name.number))

and it needs to be:
(*(objectClass=people)(mail=name.number@osu.edu))

Thanks,
-Jim Stapleton
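
An added example, not part of the thread and not slapo-rwm configuration: the filter translation described in the message above, written in Python as a proxy-side helper might do it. The `name.number` pattern and the `osu.edu` domain come from the thread; the function names and the sample value `stapleton.35` are constructed for illustration.

```python
import re

# Pattern for a "unique name" (name.number), taken from the regex in the thread.
UNIQUE_NAME = re.compile(r"[a-zA-Z]+\.[0-9]+")

# One equality item "(uid=value)". In an RFC 4515 filter string, literal
# parentheses are always structural (parentheses inside values must be
# written as \28 and \29), so this only ever matches a real filter item.
UID_ITEM = re.compile(r"\(uid=([^()]*)\)", re.IGNORECASE)


def escape_filter_value(value: str) -> str:
    """Escape a value per RFC 4515 so it cannot change the filter structure."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def translate_filter(ldap_filter: str, domain: str = "osu.edu") -> str:
    """Rewrite (uid=name.number) items to (mail=name.number@domain).

    Items whose value is not a plain unique name (numeric uids, wildcards,
    escaped characters) are passed through unchanged, so ordinary uid
    lookups and anything unexpected are not silently turned into mail
    searches.
    """
    def rewrite(match: re.Match) -> str:
        value = match.group(1)
        if not UNIQUE_NAME.fullmatch(value):
            return match.group(0)
        return "(mail=%s)" % escape_filter_value(value + "@" + domain)

    return UID_ITEM.sub(rewrite, ldap_filter)


if __name__ == "__main__":
    # Constructed sample filters, shaped like the ones in the thread.
    for sample in (
        "(&(objectClass=person)(uid=stapleton.35))",
        "(&(objectClass=person)(uid=12345))",
        "(&(objectClass=person)(uid=stapleton.35*))",
    ):
        print(sample, "->", translate_filter(sample))
```
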