Thomas Wunder
2010-04-14 07:51:47 UTC
Hi!
I'm currently using the rwm overlay to filter the objects from my
ou=students,dc=uni-bamberg,dc=de directory by their "o"-attribute and project
the result to ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de
Therefore I use the following section within my slapd.conf (before the
"database hdb..." section):
database relay
suffix "ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de"
overlay rwm
#rwm-rewriteEngine on
rwm-suffixmassage "ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de"
"ou=students,dc=uni-bamberg,dc=de"
rwm-rewriteContext bindDN
rwm-rewriteRule ".*" "cn=ldapadmin,dc=uni-bamberg,dc=de" ":@"
rwm-rewriteContext searchFilter
rwm-rewriteRule "(.*)" "(&(o=swt)$1)" ":@I"
searchFilter rewriting works perfectly but I also need to rewrite the bindDN
as every operation within ou=students,dc=uni-bamberg,dc=de needs to be carried
out by a particular user (cn=ldapadmin,dc=uni-bamberg,dc=de)
(the reason is that i don't want any user other than ldapadmin to be able to
write ou=students,dc=uni-bamberg,dc=de but they should be able to modifiy
entries from ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de)
according to the logs and the error reply messages there seems to be no binndn
rewriting done...
It looks like the rule never matches.
Is my rule not general enough to match each possible bindDN-String? Is
"cn=ldapadmin,dc=uni-bamberg,dc=de" (replacement string for the bindDN) not
well formatted (does it expect something else)? Does the overlay "relay"
prevent the replacement of the bindDN?
Any help appreciated!
I'm currently using the rwm overlay to filter the objects from my
ou=students,dc=uni-bamberg,dc=de directory by their "o"-attribute and project
the result to ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de
Therefore I use the following section within my slapd.conf (before the
"database hdb..." section):
database relay
suffix "ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de"
overlay rwm
#rwm-rewriteEngine on
rwm-suffixmassage "ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de"
"ou=students,dc=uni-bamberg,dc=de"
rwm-rewriteContext bindDN
rwm-rewriteRule ".*" "cn=ldapadmin,dc=uni-bamberg,dc=de" ":@"
rwm-rewriteContext searchFilter
rwm-rewriteRule "(.*)" "(&(o=swt)$1)" ":@I"
searchFilter rewriting works perfectly but I also need to rewrite the bindDN
as every operation within ou=students,dc=uni-bamberg,dc=de needs to be carried
out by a particular user (cn=ldapadmin,dc=uni-bamberg,dc=de)
(the reason is that i don't want any user other than ldapadmin to be able to
write ou=students,dc=uni-bamberg,dc=de but they should be able to modifiy
entries from ou=students,ou=people,ou=swt,ou=wiai,dc=uni-bamberg,dc=de)
according to the logs and the error reply messages there seems to be no binndn
rewriting done...
It looks like the rule never matches.
Is my rule not general enough to match each possible bindDN-String? Is
"cn=ldapadmin,dc=uni-bamberg,dc=de" (replacement string for the bindDN) not
well formatted (does it expect something else)? Does the overlay "relay"
prevent the replacement of the bindDN?
Any help appreciated!
--
Lehrstuhl für Softwaretechnik und Programmiersprachen
Fakultät WIAI, Universität Bamberg, 96045 Bamberg
Email: ***@swt-bamberg.de
Web: http://www.swt-bamberg.de/
Tel.: 0951 863-3852 / Fax: 0951 863-3855
Lehrstuhl für Softwaretechnik und Programmiersprachen
Fakultät WIAI, Universität Bamberg, 96045 Bamberg
Email: ***@swt-bamberg.de
Web: http://www.swt-bamberg.de/
Tel.: 0951 863-3852 / Fax: 0951 863-3855