[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: rwm-rewriteMap for bindDN and slapo-ppolicy

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: rwm-rewriteMap for bindDN and slapo-ppolicy
From: Michael Ströder <michael@stroeder.com>
Date: Sat, 08 Feb 2014 15:50:57 +0100
In-reply-to: <52F641C0.6060505@stroeder.com>
References: <52F641C0.6060505@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 SeaMonkey/2.24

Michael Ströder wrote:
> I'm trying to use slapo-rwm to simplify bind-DNs used. I'm also using
> slapo-lastbind to record the last simple bind timestamp and slapo-ppolicy also
> for recording pwdFailureTime.
> 
> Using latest RE24 of course.
> 
> Something like this defined *within* the database section:
> 
> ---------------------- snip ----------------------
> overlay accesslog
> [..]
> 
> rwm-rewriteMap slapd uid2dn "ldap:///o=example?entryDN?sub?";
> rwm-rewriteContext bindDN
> rwm-rewriteRule "^(uid=[^,]+),o=example$" "${uid2dn($1)}" ":@I"
> 
> overlay lastbind
> 
> overlay ppolicy
> ppolicy_default cn=ppolicy-default,cn=ampua,ou=ampua
> ppolicy_hash_cleartext
> ppolicy_use_lockout
> 
> slapo-lastbind correctly updates the attribute 'authTimestamp' in the entry
> referenced by the rewritten bind-DN.
> 
> slapo-ppolicy does *not* correctly update the attribute 'pwdFailureTime' in
> the entry referenced by the rewritten bind-DN.
> ---------------------- snip ----------------------

Hmm, updating 'pwdFailureTime' works after moving the rewrite stuff to global
configuration section. Hope this does not break something else.

slapo-rwm is scary.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- rwm-rewriteMap for bindDN and slapo-ppolicy
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: rwm-rewriteMap for bindDN and slapo-ppolicy
Next by Date: Re: SASL DIGEST-MD5 works but PLAIN/LOGIN fails
Index(es):
- Chronological
- Thread