[Date Prev][Date Next] [Chronological] [Thread] [Top]

saslRegexp limits syntax of regular expressions (ITS#1951)

Full_Name: Andrew Findlay
Version: HEAD 15 July 2002
OS: Linux Redhat 7.3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

The regular expression given in a saslRegexp config option gets fed through
dnNormalize2(). This seems to restrict the possible regex syntax. For example:


The intention here is to assign everything up to the first ',' to the UID.
This fails with the error:

Jul 15 18:12:09 brick slapd[13122]: line 43 (saslRegexp
uid=([^,]*),cn=.*,cn=auth          ldap:///dc=example,dc=org??sub?uid=$1) 
Jul 15 18:12:09 brick slapd[13122]: >>> dnNormalize: <uid=([^,]*),cn=.*,cn=auth>

Jul 15 18:12:09 brick slapd[13122]: SASL match pattern uid=([^,]*),cn=.*,cn=auth
could not be normalized. 
Jul 15 18:12:09 brick slapd[13122]: slapd shutdown: freeing system resources. 

Regular expressions are not DNs: surely it is better not to try normalizing them
at all.