
Re: order of rewrite context processing



2008-03-17_16:40:26-0400 Ron Peterson <rpeterso@MtHolyoke.edu>:
> I'm trying to select a backend (ldap proxy) according to the content
> of a search filter.  I've configured something like this prior to any
> backend definitions:
> ...

If I use the 'default' context, this seems to work the way I want.  I'd
prefer being able to be more specific about exactly what I want in each
context, but I think this will do.

########################################################################
rwm-rewriteContext  default
# set default 'locationprefix' to empty string
rwm-rewriteRule     ".*"
                    "${&&locationprefix("")}$0"
                    ":"

# set 'locationprefix' to letter code used to indicate
# ldap server location
rwm-rewriteRule     ".*cn=([abcde])_(.+)"
                    "${&&locationprefix($2)}$0"
                    ":"

########################################################################
rwm-rewriteContext  searchDN
# replace anything ending with suffix o=pseudobase with ${**locationprefix}<>
# set 'prefix' to string preceding o=pseudobase
rwm-rewriteRule     "(.*)o=pseudobase"
                    "${**locationprefix}<>${&prefix($1)}"
                    ":I"

# if locationprefix was 'a', rewrite searchDN to use o=backa suffix
rwm-rewriteRule     "a{1,2}<>$"
                    "${*prefix}o=backa"
                    ":@I"

# if locationprefix was 'b', rewrite searchDN to use o=backb suffix
rwm-rewriteRule     "b{1,2}<>$"
                    "${*prefix}o=backb"
                    ":@I"
...etc...

# default searchDN to use o=backdefault suffix
rwm-rewriteRule     ".*<>$"
                    "${*prefix}o=backdefault"
                    ":"

This seems to capture any bindDN or searchFilter that contains
'cn=[abcde]_', which lets me use a letter code to indicate what ldap
server I want to query.  I can do any further rewriting I need to do in
the specific backend.

If anyone has any other examples of how to do something like this, or
suggestions for improvements, I'd love to see them.  Of course if I could
specify the proper suffix in the first place, that would make this
really easy.  But I'm trying to handle the case where someone types just
their username into a form, and I need to figure out where to look it
up, bind, etc.  So:

a_username
  goes to ldaps://backa.domaina/...

and

b_username
  goes to ldaps://backb.domainb/...

etc.

-- 
Ron Peterson
Network & Systems Manager
Mount Holyoke College
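
[Added example, not part of the original post and not OpenLDAP code.] The routing decision the rules above describe, mirrored in Python so it can be unit-tested and so the form-supplied username is validated and escaped before it is placed in a search filter. The names route and escape_filter, the username character policy and the "ou=people" base are assumptions; only the 'a' and 'b' suffixes are spelled out in the post, so the elided codes are not filled in.

```python
import re

# Letter code -> backend suffix. Only 'a' and 'b' appear in the post; the
# remaining codes are elided there and are deliberately left out here.
BACKENDS = {"a": "o=backa", "b": "o=backb"}
DEFAULT_SUFFIX = "o=backdefault"

# Same idea as the searchDN rule "(.*)o=pseudobase" with the ignore-case flag.
PSEUDO_BASE = re.compile(r"o=pseudobase\Z", re.IGNORECASE)

# Assumed input policy: optional "<code>_" then a conservative username.
USERNAME = re.compile(r"(?:([abcde])_)?[A-Za-z0-9.-]{1,64}")


def escape_filter(value):
    """Escape an assertion value for an LDAP search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def route(username, base="ou=people,o=pseudobase"):
    """Return (search base, filter) for a username typed into a form.

    Raises ValueError for input outside the assumed policy, so filter
    metacharacters never reach the proxy.
    """
    m = USERNAME.fullmatch(username)
    if m is None:
        raise ValueError("username rejected: %r" % username)
    if not PSEUDO_BASE.search(base):
        raise ValueError("base is not under o=pseudobase: %r" % base)
    suffix = BACKENDS.get(m.group(1), DEFAULT_SUFFIX)
    prefix = PSEUDO_BASE.sub("", base)
    # Escaping is redundant after validation, kept as a second layer.
    return prefix + suffix, "(cn=%s)" % escape_filter(username)


if __name__ == "__main__":
    # Constructed sample inputs.
    for name in ("a_jsmith", "b_jsmith", "jsmith", "a_x)(uid=*"):
        try:
            print(name, "->", route(name))
        except ValueError as exc:
            print(name, "->", exc)
```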