>> On Fri, 27 Jul 2007 09:16:01 +0200, Pierangelo Masarati <[EMAIL PROTECTED]>
>> said:
> You don't provide enough information (e.g. the rest of your
> slapd.conf). Apparently, no attempt to rewrite the bind DN ever
> takes place. I guess there's no database that can handle that
> request and pass it to the rwm overlay.

My apologies: I was trying not to include too much data. But that may
be an aspect I just missed: I've been focusing on the rewrite
mechanics. The examples in slapo-rwm don't seem to specify an
enclosing database, including the example I'm trying to duplicate. I'm
not sure how to work out what is required.

# Then we need to detect DN made up of a single email,
# e.g. [EMAIL PROTECTED]'; note that the rule
# in case of match stops rewriting; in case of error,
# it is ignored. In case we are mapping virtual
# to real naming contexts, we also need to rewrite
# regular DNs, because the definition of a bindDN
# rewrite context overrides the default definition.
rwm-rewriteContext bindDN
rwm-rewriteRule "^mail=[^,[EMAIL PROTECTED],]+$" "${attr2dn($0)}" ":@I"

That seems to be talking about a DN without any suffix at all; i.e.

    ldapsearch -x -D "[EMAIL PROTECTED]" -W

bare. I infer from your comment that I need to define a database with
a blank suffix, and express this rewrite rule within that? I'll set
about attempting this.

If there's some better FM which I should be Ring, I'll be more than
content with a pointer to it. I googled rather a lot before getting to
this point, and the slapo-rwm man page appears to be the most detailed
document available.

If I get it working, would the Lords of LDAP entertain a doc patch?

- Allen S. Rout