[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: RWM and bind using mail address

> It doesn't. Let me try to explain what I intend to do:
> Take an email as input to the meta LDAP. someone@a.somewhere.com
> Based on the suffix (a.somewhere.com) determine the proper backend
> database to query (dc=a,dc=somewhere,dc=com) and rewrite the postfix
> (someone) to a value specific for the choosen backend. E.g. uid=someone
> or cn=someone. Now find the dn for the value (uid=someone) in the
> backend and do a bind. Naturally there should be several backend defined
> b.somewhere.com, c.somewhere.com etc.
> Is this not possible?

You could use (2.3 only) a global instance of the slapo-rwm overlay to
trap binds with "mail=someone@somewhere" as DN and rewrite them as
"uid=someone,dc=somewhere", so that further database selection uses that
DN instead of the "mail=..." stuff.  This requires some manipulation of
rewrite rules.  If you use 2.2 you could do:

database <whatever>
suffix "dc=whatever1"
# ...

database <whatever>
suffix "dc=whatever2"
# ...

database meta
suffix ""

uri "ldap:///dc=whatever1";
# rewrite rules in bindDN context that map "mail=someone@whatever1"
# into "uid=someone,dc=whatever1"

uri "ldap:///dc=whatever2";
# rewrite rules in bindDN context that map "mail=someone@whatever1"
# into "uid=someone,dc=whatever1"

The "meta" database would get caught only by requests that don't map to
other databases, i.e. I assume only by binds; the DN would be rewritten as
you design, and then reinjected into the server for further
authentication.  The other operations would directly affect the
appropriate database.  Is this what you mean?


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it