> It doesn't. Let me try to explain what I intend to do:
>
> Take an email as input to the meta LDAP. [EMAIL PROTECTED]
>
> Based on the suffix (a.somewhere.com) determine the proper backend
> database to query (dc=a,dc=somewhere,dc=com) and rewrite the postfix
> (someone) to a value specific for the chosen backend. E.g. uid=someone
> or cn=someone. Now find the dn for the value (uid=someone) in the
> backend and do a bind. Naturally there should be several backends defined
> b.somewhere.com, c.somewhere.com etc.
>
> Is this not possible?

You could use (2.3 only) a global instance of the slapo-rwm overlay to
trap binds with "[EMAIL PROTECTED]" as DN and rewrite them as
"uid=someone,dc=somewhere", so that further database selection uses that
DN instead of the "mail=..." stuff. This requires some manipulation of
rewrite rules.

If you use 2.2 you could do:

    database <whatever>
    suffix "dc=whatever1"
    # ...

    database <whatever>
    suffix "dc=whatever2"
    # ...

    database meta
    suffix ""
    uri "ldap:///dc=whatever1"
    # rewrite rules in bindDN context that map "[EMAIL PROTECTED]"
    # into "uid=someone,dc=whatever1"
    uri "ldap:///dc=whatever2"
    # rewrite rules in bindDN context that map "[EMAIL PROTECTED]"
    # into "uid=someone,dc=whatever1"

The "meta" database would get caught only by requests that don't map to
other databases, i.e. I assume only by binds; the DN would be rewritten
as you design, and then reinjected into the server for further
authentication. The other operations would directly affect the
appropriate database.

Is this what you mean?

p.

Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: [EMAIL PROTECTED]
------------------------------------------
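
The bind-name mapping discussed in this thread, modelled in Python as an added example (not part of the original message and not OpenLDAP code): the mail domain selects the backend suffix, the local part becomes an escaped RDN value, and anything unrecognised is refused. Assumptions: the bind name arrives as a bare address or as `mail=<address>`; the `BACKENDS` table, the per-backend attribute choice and the function names are hypothetical.

```python
import re

# Hypothetical routing table: mail domain -> (naming attribute, backend suffix).
# Domains and suffix shape follow the thread; the attribute per backend is assumed.
BACKENDS = {
    "a.somewhere.com": ("uid", "dc=a,dc=somewhere,dc=com"),
    "b.somewhere.com": ("cn", "dc=b,dc=somewhere,dc=com"),
}

# Conservative address syntax; names outside it are refused, not rewritten.
_ADDR = re.compile(r"(?:mail=)?([A-Za-z0-9._+-]{1,64})@([A-Za-z0-9.-]{1,253})",
                   re.IGNORECASE)


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for the string form of a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)          # characters that delimit DN syntax
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)          # leading space/# and trailing space
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def rewrite_bind_dn(bind_name: str):
    """Return the backend DN for a mail-style bind name, or None to refuse."""
    m = _ADDR.fullmatch(bind_name)
    if m is None:
        return None                        # not a well-formed address
    local, domain = m.group(1), m.group(2).lower()
    backend = BACKENDS.get(domain)
    if backend is None:
        return None                        # unknown domain: fail closed
    attr, suffix = backend
    # Escaping keeps the local part a single RDN value under the chosen suffix.
    return f"{attr}={escape_rdn_value(local)},{suffix}"
```
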
