
(ITS#6514) bindDN-rewriting with rwm+relay doesn't seem to work

Full_Name: Thomas Wunder
Version: 2.4.17
OS: Debian squeeze amd64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I'm currently using the rwm overlay to filter the objects from my
ou=students,dc=uni-bamberg,dc=de directory by their "o"-attribute and project
the result to ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de.
Therefore I use the following section within my slapd.conf (before the "database
hdb..." section):

database relay
suffix              "ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de"
overlay             rwm
#rwm-rewriteEngine  on
rwm-suffixmassage   "ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de"

rwm-rewriteContext  bindDN
rwm-rewriteRule     ".*"  "cn=ldapadmin,dc=uni-bamberg,dc=de" ":@"
rwm-rewriteContext  searchFilter
rwm-rewriteRule     "(.*)"  "(&(o=swt)$1)" ":@I"

searchFilter rewriting works perfectly, but I also need to rewrite the bindDN, as
every operation within ou=students,dc=uni-bamberg,dc=de needs to be carried out
by a particular user (cn=ldapadmin,dc=uni-bamberg,dc=de).
The reason is that I don't want any user other than ldapadmin to be able to
write to ou=students,dc=uni-bamberg,dc=de, but they should be able to modify
entries within ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de.
According to the logs and the error reply messages, there seems to be no bindDN
rewriting done...
It looks like the rule never matches.
Is my rule not general enough to match each possible bindDN-String? Is
"cn=ldapadmin,dc=uni-bamberg,dc=de" (replacement string for the bindDN) not well
formatted (does it expect something else)? Does the overlay "relay" prevent the
replacement of the bindDN?

As you can see I don't have any idea what might be causing my problem and I hope
you can help me.