
Re: saslAuthzTo and regexp troubles



> Hi,
>
> after upgrading our openldap server to the most current version, I'm
> having bad troubles with saslAuthzTo and regular expressions.
>
> Previously the following attribute setting for saslAuthzTo was working:
>
> saslAuthzTo: uid=.*,ou=MailCustomers,dc=bestsolution,dc=at

In 2.2, the DNs used in saslAuthzTo and saslAuthzFrom (note that this will
soon change into authzTo and authzFrom) default to exact; if you want
regex matching, you need to explicitly set the style to regex.  So your
rule would read

saslAuthzTo: dn.regex:uid=.*,ou=MailCustomers,dc=bestsolution,dc=at

Note that if you can do away with the "uid=" prefix, a rule like

saslAuthzTo: dn.onelevel:ou=MailCustomers,dc=bestsolution,dc=at

would save you a regcomp(), regexec().

This should be documented somewhere, e.g. in slapd.conf(5) or in the admin
guide.  I cannot find the reference right now, but I'm sure it is...

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
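
The three rule forms discussed in this message, compared in a small model that is an added example and not code from the post or from OpenLDAP. It assumes simplified DN handling (lowercasing, splitting on commas, no escaped commas), case-insensitive regex matching with search semantics as regexec() has, and constructed sample DNs; other authz rule forms are not modelled.

```python
import re

def normalize(dn):
    # Assumption: lowercase and trim around commas; slapd normalizes per schema.
    return ",".join(part.strip() for part in dn.lower().split(","))

def authz_match(rule, dn):
    """Return True if dn falls under an authzTo-style rule value (simplified model)."""
    dn = normalize(dn)
    if rule.startswith(("dn:", "dn.")):
        style, _, pattern = rule.partition(":")
    else:
        # No style given: in 2.2 the value is compared as an exact DN.
        style, pattern = "dn.exact", rule
    if style == "dn.regex":
        # Search semantics: the pattern is not implicitly anchored,
        # and ".*" is free to span RDN separators (commas).
        return re.search(pattern, dn, re.IGNORECASE) is not None
    pattern = normalize(pattern)
    if style in ("dn", "dn.exact"):
        return dn == pattern
    if style == "dn.onelevel":
        # Exactly one RDN, of any attribute type, directly above the base.
        rdn, _, parent = dn.partition(",")
        return bool(rdn) and parent == pattern
    raise ValueError("style not modelled: " + style)

RULES = [
    "uid=.*,ou=MailCustomers,dc=bestsolution,dc=at",           # pre-upgrade value
    "dn.regex:uid=.*,ou=MailCustomers,dc=bestsolution,dc=at",  # explicit regex
    "dn.onelevel:ou=MailCustomers,dc=bestsolution,dc=at",      # no regex needed
]

# Constructed sample DNs, not taken from the thread.
SAMPLE_DNS = [
    "uid=alice,ou=MailCustomers,dc=bestsolution,dc=at",
    "uid=bob,ou=Archive,ou=MailCustomers,dc=bestsolution,dc=at",
    "cn=helpdesk,ou=MailCustomers,dc=bestsolution,dc=at",
]

def coverage(rule):
    """List the sample DNs that the rule would authorize."""
    return [dn for dn in SAMPLE_DNS if authz_match(rule, dn)]

if __name__ == "__main__":
    for rule in RULES:
        print(rule)
        for dn in coverage(rule):
            print("    matches", dn)
```

In this model the regex rule also covers the entry one level deeper, while the onelevel rule covers every direct child whatever its RDN attribute, so the two are not interchangeable when reviewing who an identity may authorize as.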