I'm currently setting up slapd as a proxy and facing a challenge with rewriting LDAP attributes. I'm aware of the rewrite module (rwm) capability for DNs, but I need to apply similar functionality to LDAP attributes.
Context: Our user IDs are structured with a prefix of one or two non-essential letters followed by 8-9 important digits. My goal is to strip these letters and utilize the remaining digits to assign POSIX user/group IDs through nslcd/sssd. Unfortunately, modifications on the original LDAP server are not an option as the admins are not open to changes.
Problem: Despite several days of research and trials, including consulting resources and using ChatGPT, I've only succeeded in rewriting the DNs. I am looking to understand whether it's possible to use the rewrite functionality for attributes other than DNs and, if so, how to achieve this.
Attempts:
I have tried using both database map and ldap with the rwm overlay to manipulate attributes. My configurations have only successfully rewritten DNs but not other attributes.
Example of last try:
```
...
moduleload back_ldap
moduleload back_meta
database meta
...
rebind-as-user true
rewriteEngine on
rewriteContext searchResult
rewriteRule "^(uid=[a-zA-Z]*)([0-9]*)(,.*)$" "$1$2$3,posixUID=$2" ":@"
```
Questions:
- Is it possible to rewrite LDAP attributes using the rwm in slapd?
- If yes, how can I configure this to strip specific characters from the user ID attributes and retain the digits?
Any guidance or examples would be greatly appreciated. Thank you!
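An added example, not part of the original post and not slapd configuration: a Python check of the mapping described under "Context" (strip one or two leading letters, keep the 8-9 digits as the POSIX ID), run over a directory export before the IDs are handed to nslcd/sssd. It flags user IDs that would end up sharing one numeric ID, since shared POSIX IDs mean shared file ownership; the function names and sample user IDs are constructed for illustration.

```python
import re
from collections import defaultdict

# Structure stated in the post: one or two letters, then 8-9 digits.
# [0-9] rather than \d so non-ASCII digits are rejected; fullmatch rejects trailing newlines.
UID_RE = re.compile(r"([A-Za-z]{1,2})([0-9]{8,9})")

def derive_uid_number(uid):
    """Return the digit part of uid as an int, or None if uid does not fit the structure."""
    m = UID_RE.fullmatch(uid)
    return int(m.group(2)) if m else None

def audit(uids):
    """Return (mapping, collisions, rejected) for a list of directory user IDs.

    mapping    -- uid -> numeric ID, only for IDs that are unique after stripping
    collisions -- numeric ID -> all uids that map to it (two or more)
    rejected   -- uids that do not match the expected structure
    """
    by_number = defaultdict(list)
    rejected = []
    for uid in uids:
        number = derive_uid_number(uid)
        if number is None:
            rejected.append(uid)
        else:
            by_number[number].append(uid)
    collisions = {n: names for n, names in by_number.items() if len(names) > 1}
    mapping = {names[0]: n for n, names in by_number.items() if len(names) == 1}
    return mapping, collisions, rejected

# Constructed sample input (hypothetical user IDs, not taken from the post).
SAMPLE_UIDS = [
    "a12345678",    # one letter, 8 digits
    "bc12345678",   # different prefix, same digits: collides with the entry above
    "zz012345678",  # 9 digits with a leading zero: also becomes 12345678 as an integer
    "x987654321",   # unique
    "root",         # does not fit the structure
]

if __name__ == "__main__":
    mapping, collisions, rejected = audit(SAMPLE_UIDS)
    print("usable mapping:", mapping)
    print("collisions:", collisions)
    print("rejected:", rejected)
```

The third sample entry shows a case that a text-only rewrite hides: a 9-digit string with a leading zero and an 8-digit string can denote the same integer once the value is used as a numeric ID.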