I'm trying to select a backend (ldap proxy) according to the the content
of a search filter. I've configured something like this prior to any
backend definitions:
rwm-rewriteContext bindDN
rwm-rewriteRule ".*"
"${&&bindprefix("")}$0"
":"
rwm-rewriteRule "cn=([shaum])_(.+)"
"${&&bindprefix($1)}cn=$2"
":"
rwm-rewriteContext searchFilter
rwm-rewriteRule ".*"
"${&&filterprefix("")}$0"
":"
rwm-rewriteRule "(.*)cn=([shaum])_(.+)"
"${&&filterprefix($2)}$1cn=$3"
":"
# Using this expression below breaks things. I'm guessing the searchDN
# context gets processed before searchFilter, so ${**filterprefix} is
# undefined.
# "${**bindprefix}${**filterprefix}<>${&prefix($1)}"
rwm-rewriteContext searchDN
rwm-rewriteRule "(.*)o=fc"
"${**bindprefix}<>${&prefix($1)}" <=== replace w/ above
":I"
rwm-rewriteRule "s{1,2}<>$"
"${*prefix}o=backa"
":@I"
rwm-rewriteRule "h{1,2}<>$"
"${*prefix}o=backb"
":@I"
etc...
Does searchDN get processed before searchFilter? Is there a way around
that? Is there a better way to do this? The basic concept seems to
work fine w/ bindDN, but not searchFilter.
I'm using OpenLDAP 2.4.8