
Re: Support for extensible certificate mapping



How about having your plugin generate a DN of the form
        cn=LDAPURL,cn=PKINIT,cn=auth

where LDAPURL is an LDAP URL where all characters special
to the DN syntax have been %xx escaped, then:

        sasl-regexp cn=(.*),cn=PKINIT,cn=auth $1

Kurt

At 06:46 PM 9/22/2004, Luke Howard wrote:

>>cn=/C\=AU/O\=PADL Software Pty Ltd/CN\=Luke Howard/emailAddress\=lukeh@dsg.padl.com,cn=/C\=AU/O\=PADL Software Pty Ltd,cn=PKINIT,cn=auth
>>
>>so that the unescaped subject and issuer can be passed into an
>>LDAP search filter within a sasl-regexp. 
>>
>>(NB: I'm building the RDNs manually and then calling ldap_dn2bv()
>>with LDAP_DN_FORMAT_LDAPV2.)
>
>What I want to do is have the \= converted to = by the time
>$1 and $2 are evaluated. I wonder if this is actually possible...
>
>sasl-regexp cn=(.*),cn=(.*),cn=PKINIT,cn=auth ldap://$REGISTRY=Domain NC??sub?(&(objectClass=User)(altSecurityIdentities=X509:<I>$2<S>$1))
>
>-- Luke
>
>--
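
The encoding suggested in the reply above, sketched as an added example that is not code from this thread or from OpenLDAP: a plugin-side helper that builds `cn=LDAPURL,cn=PKINIT,cn=auth` with every DN-special character in the URL %xx-escaped. It goes one step beyond the message by also escaping the filter metacharacters (`*`, `(`, `)`, `\`) and `?` inside the certificate-derived issuer and subject, so those values cannot alter the search filter or the URL fields. The function name `pkinit_authc_dn`, the base DN and the sample names are hypothetical, and it assumes slapd percent-decodes the URL after the `sasl-regexp` substitution.

```c
#include <stdio.h>
#include <string.h>

/* Append src to out with %xx escaping of DN-special characters, '%' and
 * space. With in_value set (certificate-derived text), filter metacharacters
 * become \xx (written %5Cxx, since '\' is DN-special) and '?' is escaped. */
static int append(char *out, size_t cap, const char *src, int in_value)
{
    size_t n = strlen(out);
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        char buf[8];
        if (in_value && strchr("*()\\", c))
            snprintf(buf, sizeof buf, "%%5C%02x", c);
        else if (c < 0x20 || c >= 0x7f || strchr(",+\"\\<>;=#% ", c) ||
                 (in_value && c == '?'))
            snprintf(buf, sizeof buf, "%%%02X", c);
        else
            snprintf(buf, sizeof buf, "%c", c);
        if (n + strlen(buf) + 1 > cap) return -1;  /* refuse to truncate */
        strcpy(out + n, buf);
        n += strlen(buf);
    }
    return 0;
}

/* Build the authc DN; returns 0, or -1 if out is too small.
 * base is trusted configuration, issuer and subject come from the cert. */
int pkinit_authc_dn(char *out, size_t cap, const char *base,
                    const char *issuer, const char *subject)
{
    if (cap < 4) return -1;
    strcpy(out, "cn=");
    if (append(out, cap, "ldap:///", 0) || append(out, cap, base, 0) ||
        append(out, cap, "??sub?(&(objectClass=User)"
                         "(altSecurityIdentities=X509:<I>", 0) ||
        append(out, cap, issuer, 1) || append(out, cap, "<S>", 0) ||
        append(out, cap, subject, 1) || append(out, cap, "))", 0) ||
        strlen(out) + sizeof ",cn=PKINIT,cn=auth" > cap)
        return -1;
    strcat(out, ",cn=PKINIT,cn=auth");
    return 0;
}

int main(void)
{
    char dn[512];  /* constructed sample values, not from a real certificate */
    if (pkinit_authc_dn(dn, sizeof dn, "dc=example,dc=com", "CN=CA", "CN=a*b?") == 0)
        puts(dn);
    return 0;
}
```

Because no unescaped `,` survives inside the first RDN, the `(.*)` in `sasl-regexp cn=(.*),cn=PKINIT,cn=auth $1` has only one possible match.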