
Rewriting BindDN?



[apologies if this gets duped:  I appear to be having GMANE problems]

Greetings.  I'm trying to duplicate the docs on rewriting BindDN
before twiddling them to my actual goals.  I'm using 2.3.35 on Linux
(Gentoo).

I've tried to strip the twiddling I'm doing down as far as I can:

moduleload rwm
overlay rwm
rwm-rewriteEngine on
rwm-rewriteMap LDAP attr2dn "ldap://localhost/ou=People,dc=ufl,dc=edu?dn?sub";
rwm-rewriteContext bindDN
rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"


which is, I think, straight out of the docs. 

Jul 19 10:44:12 misc01 slapd[15708]: line 2 (moduleload rwm) 
Jul 19 10:44:12 misc01 slapd[15708]: loaded module rwm 
Jul 19 10:44:12 misc01 slapd[15708]: module rwm: null module registered 
Jul 19 10:44:12 misc01 slapd[15708]: line 3 (overlay rwm) 
Jul 19 10:44:12 misc01 slapd[15708]: line 5 (rwm-rewriteEngine on) 
Jul 19 10:44:12 misc01 slapd[15708]: line 7 (rwm-rewriteMap LDAP attr2dn "ldap://localhost/ou=People,dc=ufl,dc=edu?dn?sub";) 
Jul 19 10:44:12 misc01 slapd[15708]: line 9 (rwm-rewriteContext bindDN) 
Jul 19 10:44:12 misc01 slapd[15708]: line 10 (rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I") 

I think that the module is getting loaded. The 'null module' confuses
me.  But if I take out the moduleload, the overlay declaration fails,
so -something- is getting loaded, and if I take out the overlay
statement then the directives are undefined.  I can't come up with a
scenario where the module would be loaded and define all the entry
points, but not actually do anything. :) 


But when I connect, I get invalid credentials, and: 

Jul 19 10:44:33 misc01 slapd[15721]: connection_read(12): checking for input on id=0 
Jul 19 10:44:33 misc01 slapd[15721]: daemon: epoll: listen=7 active_threads=1 tvp=zero 
Jul 19 10:44:33 misc01 slapd[15721]: daemon: epoll: listen=8 active_threads=1 tvp=zero 
Jul 19 10:44:33 misc01 slapd[15721]: do_bind 
Jul 19 10:44:33 misc01 slapd[15721]: >>> dnPrettyNormal: <mail=asr@ufl.edu> 
Jul 19 10:44:33 misc01 slapd[15721]: <<< dnPrettyNormal: <mail=asr@ufl.edu>, <mail=asr@ufl.edu> 
Jul 19 10:44:33 misc01 slapd[15721]: do_bind: version=3 dn="mail=asr@ufl.edu" method=128 
Jul 19 10:44:33 misc01 slapd[15721]: conn=0 op=0 BIND dn="mail=asr@ufl.edu" method=128 
Jul 19 10:44:33 misc01 slapd[15721]: send_ldap_result: conn=0 op=0 p=3 
Jul 19 10:44:33 misc01 slapd[15721]: send_ldap_result: err=49 matched="" text="" 
Jul 19 10:44:33 misc01 slapd[15721]: send_ldap_response: msgid=1 tag=97 err=49 
Jul 19 10:44:33 misc01 slapd[15721]: conn=0 op=0 RESULT tag=97 err=49 text= 
Jul 19 10:44:33 misc01 slapd[15721]: daemon: activity on 1 descriptor 

What I find frustrating about this is that I don't even see an attempt
to (say) apply the bindDN rewrite rule.  Should I be expecting to see
that?  What config entries do I need to get some visibility into this
process?  I'm already doing loglevel -1: is there more? :)




- Allen S. Rout
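
A small offline check for the situation described in the post, added here as an example and not part of the original message: it pairs each BIND line with its RESULT in a slapd log and tests the logged DN against the rewriteRule pattern, so a regex mismatch can be ruled out as the cause. The function name `audit_binds` and the conn=1 log lines are constructed for illustration.

```python
import re

# rwm-rewriteRule pattern copied from the slapd.conf in the post. It is POSIX
# ERE there; this particular expression means the same under Python's re.
RULE_PATTERN = re.compile(r"^mail=[^,]+@[^,]+$")

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")

# First two lines are from the post; the conn=1 pair is constructed for contrast.
SAMPLE_LOG = """\
Jul 19 10:44:33 misc01 slapd[15721]: conn=0 op=0 BIND dn="mail=asr@ufl.edu" method=128
Jul 19 10:44:33 misc01 slapd[15721]: conn=0 op=0 RESULT tag=97 err=49 text=
Jul 19 10:45:02 misc01 slapd[15721]: conn=1 op=0 BIND dn="uid=asr,ou=People,dc=ufl,dc=edu" method=128
Jul 19 10:45:02 misc01 slapd[15721]: conn=1 op=0 RESULT tag=97 err=0 text=
"""


def audit_binds(log_text):
    """Pair each BIND with its RESULT and test the logged DN against the rule."""
    pending = {}   # (conn, op) -> DN seen on the BIND line
    findings = []
    for line in log_text.splitlines():
        bind = BIND_RE.search(line)
        if bind:
            pending[(bind.group(1), bind.group(2))] = bind.group(3)
            continue
        result = RESULT_RE.search(line)
        if not result:
            continue
        dn = pending.pop((result.group(1), result.group(2)), None)
        if dn is None:
            continue  # RESULT without a BIND in this excerpt
        err = int(result.group(3))
        rule_matches = RULE_PATTERN.match(dn) is not None
        findings.append({
            "conn": int(result.group(1)),
            "dn": dn,
            "err": err,
            "rule_matches": rule_matches,
            # Pattern fits the DN, yet the bind ended in invalidCredentials (49).
            "suspect": rule_matches and err == 49,
        })
    return findings


if __name__ == "__main__":
    for f in audit_binds(SAMPLE_LOG):
        print(f)
```

A `suspect` entry means the pattern itself fits the bind DN, which points the investigation at whether the rule was applied rather than at the regular expression.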