On Tuesday, 01 February 2011, 18:19:33, Derek Bodner wrote:
> Hello,
> I'm running an ldap 2.3 server, with users set up under cn=<first name>
> <last name>,ou=People,dc=org,dc=com. I have an application that is
> trying to access the dn's directly, via
> uid=<username>,ou=People,dc=org,dc=com
>
> I've set up an authz-regexp rule to try to rewrite the request:
> authz-regexp
> uid=([^,]*),ou=People,dc=org,dc=com
> ldap:///ou=People,dc=org,dc=com??one?(uid=$1)
>
>
> But my query still seems to be failing
[..]
>
>
> Any ideas on what I'm doing wrong?

It seems you heavily misunderstood the purpose of authz-regexp. It is only
meant for converting user names as used during SASL authentication to LDAP
DNs, e.g. for Authorization purposes. E.g. if you authenticate against your
slapd as j...@your.krb.REALM using SASL/GSSAPI you can use authz-regexp to
map that name to an LDAP DN that makes sense in your setup.

For details see: http://www.openldap.org/doc/admin24/sasl.html

authz-regexp is NOT
- able to rewrite DNs in an LDAP Simple Bind Request.
- a general purpose tool to rewrite LDAP Search Results.

If you can't fix your application to be more flexible in regards to how your
DNs must look, it might be possible to achieve what you want through the
rwm-Overlay, but I don't know the overlay well enough to say for sure. See
the slapo-rwm man-page for details.

Ralf
--
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
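
For illustration, a slapd.conf fragment showing the kind of identity authz-regexp does act on. This is an added example, not part of the original thread; the realm name is a placeholder and it assumes each entry under ou=People carries a unique uid attribute.

```conf
# slapd.conf fragment (constructed example; realm name and uid attribute
# are assumptions, the base DN is the one used in the thread)
#
# authz-regexp is matched against the SASL authentication request DN,
# which slapd builds in this form:
#   uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth
# (the cn=<realm> part is absent when the default realm was used).
# A DN sent in a simple bind is never passed through these rules, so a
# pattern such as uid=([^,]*),ou=People,dc=org,dc=com has nothing to match.

# SASL/GSSAPI identity with an explicit realm (placeholder realm name)
authz-regexp
    uid=([^,]*),cn=your.krb.realm,cn=gssapi,cn=auth
    ldap:///ou=People,dc=org,dc=com??one?(uid=$1)

# Same identity when the realm part is omitted
authz-regexp
    uid=([^,]*),cn=gssapi,cn=auth
    ldap:///ou=People,dc=org,dc=com??one?(uid=$1)

# The search URL must return exactly one entry, here the
# cn=<first name> <last name> entry whose uid attribute equals $1.
# With zero or several matches the connection stays bound as the
# unmapped authentication request DN.
```

After a SASL bind, running `ldapwhoami -Y GSSAPI` shows which DN the connection ended up with, which is a quick check that the mapping took effect.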