Re: commit: ldap/servers/slapd sasl.c sl_malloc.c connection.c proto-slap.h
- To: OpenLDAP Commit <openldap-commit2devel@openldap.org>
- Subject: Re: commit: ldap/servers/slapd sasl.c sl_malloc.c connection.c proto-slap.h
- From: Howard Chu <hyc@symas.com>
- Date: Wed, 14 Feb 2007 00:08:00 -0800
- In-reply-to: <200702140751.l1E7plgk041502@cantor.openldap.org>
- References: <200702140751.l1E7plgk041502@cantor.openldap.org>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a2pre) Gecko/20070213 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a

hyc@OpenLDAP.org wrote:
> Update of /repo/OpenLDAP/pkg/ldap/servers/slapd
>
> Modified Files:
> sasl.c 1.245 -> 1.246
> sl_malloc.c 1.40 -> 1.41
> connection.c 1.393 -> 1.394
> proto-slap.h 1.715 -> 1.716
>
> Log Message:
> Added "slapd" rewrite map handler, connection_fake_init2 to use existing
> tmpmemctx without reinitializing

The documentation for this feature presents a bit of a problem, since most of
the functionality of librewrite is documented in slapo-rwm(5). When
SLAP_AUTH_REWRITE is defined (which it is, whenever --enable-rewrite is used)
then all of librewrite's capabilities really should be in the main slapd
documentation.
In the meantime, here's an example usage:

rwm-rewriteMap slapd cn2dn
    "ldap:///dc=example,dc=com?dn?sub?(&(objectclass=person)"
rwm-rewriteContext bindDN
rwm-rewriteRule "^(cn=[^,]+),.*" "${cn2dn(($1)))}" ":@I"

This (stupid) example allows a user with a long DN to bind using just their
RDN plus any subset of the DB suffix. E.g., a user with DN

cn=Joe Bob,ou=Team1,ou=Teams,ou=Divisions,dc=example,dc=com

could bind with just cn=Joe Bob,dc=example,dc=com
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/
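
The lookup performed by the example configuration above, modelled in Python as an added illustration (not code from the original message or from OpenLDAP). It assumes the map appends its argument to the URI's filter, as the parentheses in the example imply, and that only a unique search result replaces the bind DN; the directory entries other than Joe Bob's are constructed.

```python
import re

BASE = "dc=example,dc=com"                  # search base from the map URI
FILTER_PREFIX = "(&(objectclass=person)"    # URI filter, left unclosed on purpose
# rewriteRule pattern; compiled case-insensitive on the assumption that rwm
# matching ignores case unless told otherwise.
RULE = re.compile(r"^(cn=[^,]+),.*", re.IGNORECASE)

# Constructed sample entries as (dn, objectClass); only Joe Bob's DN is from the message.
DIRECTORY = [
    ("cn=Joe Bob,ou=Team1,ou=Teams,ou=Divisions,dc=example,dc=com", "person"),
    ("cn=Ann Lee,ou=Team2,ou=Teams,ou=Divisions,dc=example,dc=com", "person"),
    ("cn=Ann Lee,ou=Contractors,dc=example,dc=com", "person"),
    ("cn=printer1,ou=Devices,dc=example,dc=com", "device"),
]

def build_filter(bind_dn):
    """Filter the map would search with, or None when the rule does not match."""
    m = RULE.match(bind_dn)
    if m is None:
        return None
    # "${cn2dn(($1)))}" hands "($1))" to the map: the RDN as a filter term plus
    # the ")" that closes the "(&" left open in the map URI.
    return FILTER_PREFIX + "(" + m.group(1) + "))"

def search(rdn):
    """Subtree search under BASE for person entries whose RDN equals rdn."""
    return [dn for dn, oc in DIRECTORY
            if dn.lower().endswith("," + BASE)
            and oc == "person"
            and dn.split(",", 1)[0].lower() == rdn.lower()]

def cn2dn(bind_dn):
    """Return (dn_after_rewrite, candidate_dns) for a presented bind DN."""
    m = RULE.match(bind_dn)
    if m is None:
        return bind_dn, []            # rule not applicable, DN passes through
    hits = search(m.group(1))
    # Assumption: only a unique hit replaces the DN; zero or several leave it as is.
    return (hits[0] if len(hits) == 1 else bind_dn), hits

if __name__ == "__main__":
    for dn in ("cn=Joe Bob,dc=example,dc=com", "cn=Ann Lee,dc=example,dc=com",
               "uid=joe,dc=example,dc=com"):
        print(dn, "->", build_filter(dn), "->", cn2dn(dn))
```

The second sample DN shows why a rule like this depends on the searched attribute being unique under the base: two person entries share cn=Ann Lee, so the short form does not identify one of them.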