Hello,

You are right, I did misinterpret authz-regexp to be a more general query rewriter. I had actually come to this conclusion about an hour after sending this email. Sorry for the wasted time. I'm taking a look at the rwm overlay now.

Thank you for your time.

On Wed, Feb 2, 2011 at 6:21 AM, Ralf Haferkamp <[email protected]> wrote:
> On Tuesday 01 February 2011, 18:19:33, Derek Bodner wrote:
> > Hello,
> > I'm running an ldap 2.3 server, with users set up under cn=<first name>
> > <last name>,ou=People,dc=org,dc=com. I have an application that is
> > trying to access the dn's directly, via
> > uid=<username>,ou=People,dc=org,dc=com
> >
> > I've set up an authz-regexp rule to try to rewrite the request:
> > authz-regexp
> > uid=([^,]*),ou=People,dc=org,dc=com
> > ldap:///ou=People,dc=org,dc=com??one?(uid=$1)
> >
> >
> > But my query still seems to be failing
> [..]
> >
> >
> > Any ideas on what I'm doing wrong?
> It seems you heavily misunderstood the purpose of authz-regexp. It is
> only meant for converting user names as used during SASL authentication
> to LDAP DNs e.g. for Authorization purposes. E.g. if you authenticate
> against your slapd as [email protected] using SASL/GSSAPI you can use
> authz-regexp to map that name to an LDAP DN that makes sense in your
> setup.
>
> For details see: http://www.openldap.org/doc/admin24/sasl.html
>
> authz-regexp is NOT
> - able to rewrite DNs in LDAP Simple Bind Request.
> - a general purpose tool to rewrite LDAP Search Results.
>
> If you can't fix your application to be more flexible in regards to how
> your DNs must look, it might be possible to achieve what you want through
> the rwm-Overlay, but I don't know the overlay well enough to say for
> sure. See the slapo-rwm man-page for details.
>
> Ralf
>
> --
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
>

--
Derek Bodner
[email protected]
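
The distinction discussed in this thread, as an added example that is not part of the original messages and not slapd's own code: a simplified Python model of where authz-regexp applies. The realm `example.com`, the two `RULES` entries and all function names are assumptions made for illustration; `DEREK_RULE` is the rule quoted above.

```python
import re

# Constructed rules in slapd.conf order: (search pattern, replacement).
# The second returns an LDAP URL, which slapd would resolve by an internal search.
RULES = [
    (r"uid=([^,]*),cn=example\.com,cn=gssapi,cn=auth",
     "uid=$1,ou=People,dc=org,dc=com"),
    (r"uid=([^,]*),cn=digest-md5,cn=auth",
     "ldap:///ou=People,dc=org,dc=com??one?(uid=$1)"),
]
# The rule from the thread: its pattern is a directory DN, not a SASL identity.
DEREK_RULE = [(r"uid=([^,]*),ou=People,dc=org,dc=com",
               "ldap:///ou=People,dc=org,dc=com??one?(uid=$1)")]

def sasl_authn_dn(user, mech, realm=None):
    """Identity slapd derives from a SASL bind: uid=..,[cn=realm,]cn=mech,cn=auth.
    Lowercasing stands in for DN normalisation (model simplification)."""
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)
    parts += ["cn=" + mech, "cn=auth"]
    return ",".join(parts).lower()

def map_identity(authn_dn, rules=RULES):
    """Apply the first matching rule; return (kind, value), or None if no rule matches."""
    for pattern, replacement in rules:
        m = re.search(pattern, authn_dn, re.IGNORECASE)
        if not m:
            continue
        out = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
        return ("search" if out.startswith("ldap:///") else "dn", out)
    return None

def bind_identity(method, name, mech=None, realm=None):
    """Simple binds keep the DN the client sent; only SASL names are mapped."""
    if method == "simple":
        return ("dn", name)
    return map_identity(sasl_authn_dn(name, mech, realm))
```

In this model a simple bind as `uid=<username>,ou=People,dc=org,dc=com` comes back unchanged, which is why the application's bind still fails when the entries are named `cn=<first name> <last name>`.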
