Re: commit: ldap/servers/slapd sasl.c sl_malloc.c connection.c proto-slap.h

hyc@OpenLDAP.org wrote:
Update of /repo/OpenLDAP/pkg/ldap/servers/slapd

Modified Files:
	sasl.c  1.245 -> 1.246
	sl_malloc.c  1.40 -> 1.41
	connection.c  1.393 -> 1.394
	proto-slap.h  1.715 -> 1.716

Log Message:
Added "slapd" rewrite map handler, connection_fake_init2 to use existing
tmpmemctx without reinitializing

The documentation for this feature presents a bit of a problem, since most of the functionality of librewrite is documented in slapo-rwm(5). When SLAP_AUTH_REWRITE is defined (which it is, whenever --enable-rewrite is used) then all of librewrite's capabilities really should be in the main slapd documentation.

In the meantime, here's an example usage:

rwm-rewriteMap slapd cn2dn "ldap:///dc=example,dc=com?dn?sub?(&(objectclass=person)"

rwm-rewriteContext bindDN
rwm-rewriteRule "^(cn=[^,]+),.*" "${cn2dn(($1)))}" ":@I"

This (stupid) example allows a user with a long DN to bind using just their RDN plus any subset of the DB suffix. E.g., a user with DN
cn=Joe Bob,ou=Team1,ou=Teams,ou=Divisions,dc=example,dc=com
could bind with just cn=Joe Bob,dc=example,dc=com

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
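
An added example, not part of the original message and not OpenLDAP code: a Python model of the lookup the rule above performs, used to check that each cn names exactly one person entry before relying on such a rewrite. It assumes the map argument and the URI's filter text combine into `(&(objectclass=person)(cn=...))`, as the two halves in the message read together; the sample entries, the function names and the case-insensitive matching are constructed for illustration.

```python
import re
from collections import defaultdict

# Pattern from the rewriteRule in the message. IGNORECASE is an assumption
# made here so that "CN=..." and "cn=..." are treated alike.
RULE = re.compile(r"^(cn=[^,]+),.*", re.IGNORECASE)
BASE = "dc=example,dc=com"  # search base from the map URI

# Constructed sample directory: DN -> attributes (not real data).
ENTRIES = {
    "cn=Joe Bob,ou=Team1,ou=Teams,ou=Divisions,dc=example,dc=com":
        {"objectClass": ["person"], "cn": ["Joe Bob"]},
    "cn=Ann Lee,ou=Team1,ou=Teams,ou=Divisions,dc=example,dc=com":
        {"objectClass": ["person"], "cn": ["Ann Lee"]},
    "cn=Ann Lee,ou=Team2,ou=Teams,ou=Divisions,dc=example,dc=com":
        {"objectClass": ["person"], "cn": ["Ann Lee"]},
    "cn=Joe Bob,ou=Printers,dc=example,dc=com":
        {"objectClass": ["device"], "cn": ["Joe Bob"]},
}

def is_person(attrs):
    return "person" in (oc.lower() for oc in attrs["objectClass"])

def search_key(bind_dn):
    """Return the cn value the rule captures, or None if the rule does not match."""
    m = RULE.match(bind_dn)
    return m.group(1).split("=", 1)[1] if m else None

def resolve(bind_dn, entries=ENTRIES):
    """Model the sub-scope search under BASE; more than one DN means ambiguity."""
    cn = search_key(bind_dn)
    if cn is None:
        return []
    return sorted(
        dn for dn, attrs in entries.items()
        if dn.lower().endswith("," + BASE) and is_person(attrs)
        and cn.lower() in (v.lower() for v in attrs["cn"])
    )

def ambiguous_cns(entries=ENTRIES):
    """cn values shared by several person entries; each makes the rewrite ambiguous."""
    seen = defaultdict(list)
    for dn, attrs in entries.items():
        if is_person(attrs):
            for v in attrs["cn"]:
                seen[v.lower()].append(dn)
    return {cn: sorted(dns) for cn, dns in seen.items() if len(dns) > 1}
```

An empty result from `ambiguous_cns` on an export of the real subtree is the condition under which a short bind DN can only ever resolve to one entry.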