[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6514) bindDN-rewriting with rwm+relay doesn't seem to work

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6514) bindDN-rewriting with rwm+relay doesn't seem to work
From: masarati@aero.polimi.it
Date: Mon, 12 Apr 2010 15:28:36 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

> Full_Name: Thomas Wunder
> Version: 2.4.17
> OS: debian sqeueeze amd64
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (141.13.106.69)

I don't see a clear evidence of a bug.  Software usage questions must be
directed to the openldap-software list.  Moreover, I just tried your
verbatim configuration with the most recent code (while you're using an
older release), and it seems to work as expected.  This ITS will be
closed.

p.

> I'm currently using the rwm overlay to filter the objects from my
> ou=students,dc=uni-bamberg,dc=de directory by their "o"-attribute and
> project
> the result to ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de
> Therefore I use the following section within my slapd.conf (before the
> "database
> hdb..." section):
>
> database relay
> suffix
> "ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de"
> overlay             rwm
> #rwm-rewriteEngine  on
> rwm-suffixmassage
> "ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de"
>
>                     "ou=students,dc=uni-bamberg,dc=de"
> rwm-rewriteContext  bindDN
> rwm-rewriteRule     ".*"  "cn=ldapadmin,dc=uni-bamberg,dc=de" ":@"
> rwm-rewriteContext  searchFilter
> rwm-rewriteRule     "(.*)"  "(&(o=swt)$1)" ":@I"
>
> searchFilter rewriting works perfectly but I also need to rewrite the
> bindDN as
> every operation within ou=students,dc=uni-bamberg,dc=de needs to be
> carried out
> by a particular user (cn=ldapadmin,dc=uni-bamberg,dc=de)
> (the reason is that i don't want any user other than ldapadmin to be able
> to
> write ou=students,dc=uni-bamberg,dc=de but they should be able to modifiy
> entries within ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de)
> according to the logs and the error reply messages there seems to be no
> binndn
> rewriting done...
> It looks like the rule never matches.
> Is my rule not general enough to match each possible bindDN-String? Is
> "cn=ldapadmin,dc=uni-bamberg,dc=de" (replacement string for the bindDN)
> not well
> formatted (does it expect something else)? Does the overlay "relay"
> prevent the
> replacement of the bindDN?
>
> As you can see I don't have any idea what might be causing my problem and
> I hope
> you can help me.
>
>
>

Prev by Date: Re: (ITS#6507) backglue and paged results issue
Next by Date: Re: (ITS#6513) dynacl/aci fails on searches with attributes
Index(es):
- Chronological
- Thread