Re: Kerberos and simple binds using same password database?

["Pierangelo Masarati" <ando@sys-net.it>]

> At 05:21 AM 12/29/2004, Pierangelo Masarati wrote:
>>> Oh, plural... That changes things. I don't know if there is a
>>> 'toupper()'
>>> thingie for REGEXP, but if you can find one (I really suck at REGEXP :)
>>> you could use 'cn=(.*)' instead of 'cn=domain.tld' and then use
>>> something like '$1@toupper($2)' in your REGEXP (NOTE: This don't
>>> obviosly
>>> work - it's just an illustration!!!).
>>
>>Partially OT: "authz-regexp" in HEAD can use the rewrite features of
>>librewrite (--enable-rewrite), including writing "functions" that can be
>>invoked inside expansion.  There is no builtin toupper capability, but it
>>could be easily added by hacking librewrite.  I think at some point I
>> will
>>add the possibility to dynamically load custom bits of code for
>>specialized features.
>
> I note that most (if not all) regular expressions in slapd(8)
> are case insensitive (REG_ICASE).  (It would be nice to support
> case sensitive regexes.)

In librewrite, you can honor case (if the underline regex implementation
does it) by using the 'C' flag (which implies the REG_ICASE is not passed
to regcomp(3); see slapo-rwm(5) for details).  The rest of regex use in
slapd and OpenLDAP software is case insensitive (ACL, limits, authz
mapping).

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497