Re: order of rewrite context processing

Fri, 21 Mar 2008 02:41:18 -0700 

Ron Peterson wrote:

I'm trying to select a backend (ldap proxy) according to the the content
of a search filter.  I've configured something like this prior to any
backend definitions:

rwm-rewriteContext  bindDN
rwm-rewriteRule     ".*"
                    "${&&bindprefix("")}$0"
                    ":"
rwm-rewriteRule     "cn=([shaum])_(.+)"
                    "${&&bindprefix($1)}cn=$2"
                    ":"

rwm-rewriteContext  searchFilter
rwm-rewriteRule     ".*"
                    "${&&filterprefix("")}$0"
                    ":"
rwm-rewriteRule     "(.*)cn=([shaum])_(.+)"
                    "${&&filterprefix($2)}$1cn=$3"
                    ":"

# Using this expression below breaks things.  I'm guessing the searchDN
# context gets processed before searchFilter, so ${**filterprefix} is
# undefined.
#                    "${**bindprefix}${**filterprefix}<>${&prefix($1)}"

rwm-rewriteContext  searchDN
rwm-rewriteRule     "(.*)o=fc"
                    "${**bindprefix}<>${&prefix($1)}" <=== replace w/ above
                    ":I"
rwm-rewriteRule     "s{1,2}<>$"
                    "${*prefix}o=backa"
                    ":@I"
rwm-rewriteRule     "h{1,2}<>$"
                    "${*prefix}o=backb"
                    ":@I"
etc...

Does searchDN get processed before searchFilter?  Is there a way around
that?  Is there a better way to do this?  The basic concept seems to
work fine w/ bindDN, but not searchFilter.

I'm using OpenLDAP 2.4.8
See <http://www.openldap.org/lists/openldap-software/200712/msg00127.html>. 
The only way around I see right now is either hack the code.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   [EMAIL PROTECTED]
---------------------------------------

Reply via email to