[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: order of rewrite context processing

2008-03-17_16:40:26-0400 Ron Peterson <rpeterso@MtHolyoke.edu>:

> Does searchDN get processed before searchFilter?  Is there a way around
> that?  Is there a better way to do this?  The basic concept seems to
> work fine w/ bindDN, but not searchFilter.

I guess I'm back to my original question.  Below, I'm simply hardcoding
the value of ${**case}, and otherwise leaving the searchFilter or bindDN
string alone.  If I uncomment my searchFilter rule as below, I get a
'searchDN massage error'.  I don't have any searchDN rules anywhere
else.  If I comment my searchFilter rule, and uncomment my bindDN rule,
it works fine.  OpenLDAP 2.4.8.

# Global rewrite rules, before any backend definitions
overlay             rwm
rwm-rewriteEngine   on

# This does not work
rwm-rewriteContext  searchFilter
rwm-rewriteRule     ".*"

# This works
# rwm-rewriteContext  bindDN
# rwm-rewriteRule     ".*"
#                     "${&&case(m)}$0"
#                     ":"

rwm-rewriteContext  searchDN
rwm-rewriteRule     "(.*)o=fc"
rwm-rewriteRule     "m{1,2}<>$"
rwm-rewriteRule     ".*<>$"

1304# ldapsearch -x -W -D "cn=username,o=m" -b "o=fc" '(cn=somebody)'
Enter LDAP Password: xxxxx

# extended LDIF
# LDAPv3
# base <o=fc> with scope subtree
# filter: (cn=somebody)
# requesting: ALL

# search result
search: 2
result: 80 Other (e.g., implementation specific) error
text: searchDN massage error

Ron Peterson
Network & Systems Manager
Mount Holyoke College