bindDN-rewriting - can't get to grips with overlays rwm+relay



Hi!
I'm currently using the rwm overlay to filter the objects from my
ou=students,dc=uni-bamberg,dc=de directory by their "o"-attribute and project
the result to ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de.
Therefore I use the following section within my slapd.conf (before the 
"database hdb..." section):

database relay
suffix              "ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de"
overlay             rwm
#rwm-rewriteEngine  on
rwm-suffixmassage   "ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de"
                    "ou=students,dc=uni-bamberg,dc=de"
rwm-rewriteContext  bindDN
rwm-rewriteRule     ".*"  "cn=ldapadmin,dc=uni-bamberg,dc=de" ":@"
rwm-rewriteContext  searchFilter
rwm-rewriteRule     "(.*)"  "(&(o=swt)$1)" ":@I"

searchFilter rewriting works perfectly, but I also need to rewrite the bindDN,
as every operation within ou=students,dc=uni-bamberg,dc=de needs to be carried
out by a particular user (cn=ldapadmin,dc=uni-bamberg,dc=de).
(The reason is that I don't want any user other than ldapadmin to be able to
write ou=students,dc=uni-bamberg,dc=de, but they should be able to modify
entries from ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de.)
According to the logs and the error reply messages, there seems to be no bindDN
rewriting done...
It looks like the rule never matches.
Is my rule not general enough to match each possible bindDN-String? Is
"cn=ldapadmin,dc=uni-bamberg,dc=de" (replacement string for the bindDN) not 
well formatted (does it expect something else)? Does the overlay "relay" 
prevent the replacement of the bindDN?

Any help appreciated!

-- 
Lehrstuhl für Softwaretechnik und Programmiersprachen
Fakultät WIAI, Universität Bamberg, 96045 Bamberg

Email: thomas.wunder@swt-bamberg.de
Web: http://www.swt-bamberg.de/
Tel.: 0951 863-3852 / Fax: 0951 863-3855