James S Stapleton wrote:

> overlay rwm
> rwm-rewriteEngine on
> #left here because it might be useful, to simplify things later, but not
> #currently used
> rwm-rewriteMap
> ldap
> "realBindDNLookup"
> "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub"

I got all of the above lined up in column 1. I hope it's the mailer, otherwise please read slapd.conf(5) about the syntax, and specifically about continuation lines.

> # bind DN rewrite rules
> rwm-rewriteContext bindDN
> # extract the username from the incorrect DN, and try to use it
> # as mailbox in a lookup filter "(mail=<mailbox>@domain)" to
> # fetch the corresponding DN
> #original
> # "^uid=([^,]+)?,ou=People,dc=mywork,dc=com$"
> #alt #1
> # "uid=([a-zA-Z-]+\.[\d]+)"
> #alt #2
> # "\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)"
> rwm-rewriteRule
> "\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)"
> "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub([EMAIL PROTECTED])"

I see (at least) four errors here:

1) the URI doesn't have to be here; it must be in the ldap map. Otherwise it's just treated for what it is: a string.

2) in any case, an LDAP URL needs a "?" to separate the scope ("sub") from the filter.

3) escapes need to appear twice, because "\" is the escape char for slapd.conf and for the regex. So using a single escape, like "\(objectClass=person\)", results in passing "(objectClass=person)" to regcomp(3), and the "(" ")" are treated as special regex chars. This is illustrated in slapo-rwm(5).

4) a bindDN will never look like an LDAP filter. So this rule shouldn't be in the "bindDN" rewrite context.

>
> "@"
> # if the lookup fails, the error is ignored, and thus
> # the original DN is used.
> ============================================================

To obtain what you want, but in the "searchFilter" rewrite context, something like

rwm-rewriteMap ldap "realBindDNLookup"
    "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub"

rwm-rewriteContext searchFilter
rwm-rewriteRule "^\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)$"
    "${realBindDNLookup([EMAIL PROTECTED])}" ":@"

should work.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   [EMAIL PROTECTED]
---------------------------------------
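An added illustration of point 3 above (not code from the thread or from OpenLDAP): it models, as a simplifying assumption, slapd.conf stripping one level of backslashes before the pattern reaches the regex compiler, then applies both the single-escaped rule from the question and the double-escaped rule from the reply to a constructed search filter, using Python's re in place of regcomp(3). The mail domain is a placeholder, since the thread only shows "@domain".

```python
import re

# Assumed, simplified model of slapd.conf quoting: inside a quoted value a
# backslash escapes the next character, so "\\(" reaches the rewrite engine
# as "\(" while a single "\(" reaches it as a bare "(".
def slapd_conf_unescape(value: str) -> str:
    return re.sub(r"\\(.)", r"\1", value)

# The two spellings discussed in the thread.
SINGLE_ESCAPED = r"\(&\(objectClass=person\)\(uid=([a-zA-Z]+\.[0-9]+)\)\)"
DOUBLE_ESCAPED = r"^\\(&\\(objectClass=person\\)\\(uid=([a-zA-Z]+\\.[0-9]+)\\)\\)$"

# URI of the "realBindDNLookup" ldap map, as given in the reply.
LDAP_MAP_URI = "ldap://the-server:389/ou=People,dc=osu,dc=edu?entryDN?sub"
MAIL_DOMAIN = "example.com"  # placeholder; the thread only says "@domain"


def regex_seen_by_regcomp(conf_value: str) -> str:
    """Pattern string the rewrite engine would hand to the regex compiler."""
    return slapd_conf_unescape(conf_value)


def rewrite_search_filter(conf_rule: str, search_filter: str):
    """Emulate the searchFilter rewrite context: match the incoming filter,
    capture the uid, and build the map lookup URL. Returns (uid, lookup_url)
    or None when the compiled rule does not match the filter at all."""
    pattern = re.compile(regex_seen_by_regcomp(conf_rule))
    m = pattern.search(search_filter)
    if m is None:
        return None
    uid = m.group(1)
    # The "?" before the filter is the separator the reply says was missing
    # between the scope ("sub") and the lookup filter.
    return uid, f"{LDAP_MAP_URI}?(mail={uid}@{MAIL_DOMAIN})"


# Constructed sample filter of the shape the rule is meant to catch.
SAMPLE_FILTER = "(&(objectClass=person)(uid=john.123))"

if __name__ == "__main__":
    # Single escaping: parens become regex groups and the literal filter
    # never matches, so the lookup is silently skipped.
    print(regex_seen_by_regcomp(SINGLE_ESCAPED))
    print(rewrite_search_filter(SINGLE_ESCAPED, SAMPLE_FILTER))
    # Double escaping: parens survive as literals and the uid is captured.
    print(rewrite_search_filter(DOUBLE_ESCAPED, SAMPLE_FILTER))
```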