[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Support for extensible certificate mapping
How about have your plugin generate a DN of the form
cn=LDAPURL,cn=PKINIT,cn=auth
where LDAPURL is an LDAP URL where all characters special
to the DN syntax have been %xx escaped, then:
sasl-regexp cn=(.*),cn=PKINIT,cn=auth $1
Kurt
At 06:46 PM 9/22/2004, Luke Howard wrote:
>>cn=/C\=AU/O\=PADL Software Pty Ltd/CN\=Luke
>>Howard/emailAddress\=lukeh@dsg.padl.com,cn=/C\=AU/O\=PADL Software Pty Ltd,cn=PKINIT,cn=auth
>>
>>so that the unescaped subject and issuer can be passed into an
>>LDAP search filter within a sasl-regexp.
>>
>>(NB: I'm building the RDNs manually and then calling ldap_dn2bv()
>>with LDAP_DN_FORMAT_LDAPV2.)
>
>What I want to do is have the \= converted to = by the time
>$1 and $2 are evaluated. I wonder if this is actually possible...
>
>sasl-regexp cn=(.*),cn=(.*),cn=PKINIT,cn=auth ldap://$REGISTRY=Domain NC??sub?(&(objectClass=User)(altSecurityIdentities=X509:<I>$2<S>$1))
>
>-- Luke
>
>--