Hi,
I have th following directive in the slapd.conf:
authz-regexp
gidNumber=([^0][0-9]+).uidNumber=([^0][0-9]+),cn=peercred,cn=external,cn=auth
ldapi:///ou=people,dc=local???(uidNumber=$2)
but server is unable to fetch (slap_sasl2dn: Converted SASL name to <nothing>)
here is trace output (slapd -d 2177 -h "ldapi:/// ldaps:/// ldap:///";):
50ca62b8 >>> dnPrettyNormal: <>
50ca62b8 <<< dnPrettyNormal: <>, <>
50ca62b8 do_bind: dn () SASL mech EXTERNAL
50ca62b8 ==>slap_sasl2dn: converting SASL name
gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth to a DN
50ca62b8 ==> rewrite_context_apply [depth=1]
string='gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth'
50ca62b8 ==> rewrite_rule_apply
rule='gidNumber=([^0][0-9]+).uidNumber=([^0][0-9]+),cn=peercred,cn=external,cn=auth'
string='gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth'
[1 pass(es)]
50ca62b8 ==> rewrite_context_apply [depth=1]
res={0,'ldapi:///ou=people,dc=local??sub?(uidNumber=1000)'}
50ca62b8 slap_parseURI: parsing
ldapi:///ou=people,dc=local??sub?(uidNumber=1000)
ldap_url_parse_ext(ldapi:///ou=people,dc=local??sub?(uidNumber=1000))
50ca62b8 <==slap_sasl2dn: Converted SASL name to <nothing>
50ca62b8 SASL Authorize [conn=1001]: proxy authorization allowed authzDN=""
50ca62b8 send_ldap_sasl: err=0 len=-1
50ca62b8 do_bind: SASL/EXTERNAL bind:
dn="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth"
sasl_ssf=0
50ca62b8 send_ldap_response: msgid=1 tag=97 err=0
Direct sasl authz mapping works fine, but URI does not, what's wrong
with this stuff?
How I can check URI correctness for slapd or get tracing info from
ldap_url_parse_ext/slap_sasl2dn about why they returned nothing?
With wich access rights slapd does its internal query ? How to configure them ?