[Date Prev][Date Next] [Chronological] [Thread] [Top]

saslRegexp limits syntax of regular expressions (ITS#1951)

To: openldap-its@OpenLDAP.org
Subject: saslRegexp limits syntax of regular expressions (ITS#1951)
From: andrew.findlay@skills-1st.co.uk
Date: Mon, 15 Jul 2002 17:24:15 GMT

Full_Name: Andrew Findlay
Version: HEAD 15 July 2002
OS: Linux Redhat 7.3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (217.206.98.194)


The regular expression given in a saslRegexp config option gets fed through
dnNormalize2(). This seems to restrict the possible regex syntax. For example:

saslRegexp
          uid=([^,]*),cn=.*,cn=auth
          ldap:///dc=example,dc=org??sub?uid=$1

The intention here is to assign everything up to the first ',' to the UID.
This fails with the error:

Jul 15 18:12:09 brick slapd[13122]: line 43 (saslRegexp
uid=([^,]*),cn=.*,cn=auth          ldap:///dc=example,dc=org??sub?uid=$1) 
Jul 15 18:12:09 brick slapd[13122]: >>> dnNormalize: <uid=([^,]*),cn=.*,cn=auth>

Jul 15 18:12:09 brick slapd[13122]: SASL match pattern uid=([^,]*),cn=.*,cn=auth
could not be normalized. 
Jul 15 18:12:09 brick slapd[13122]: slapd shutdown: freeing system resources. 

Regular expressions are not DNs: surely it is better not to try normalizing them
at all.

Prev by Date: SLAPD fails to handle concurrent SASL logins (ITS#1949)
Next by Date: SASL leak in slapd (ITS#1952)
Index(es):
- Chronological
- Thread