[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
saslRegexp limits syntax of regular expressions (ITS#1951)
Full_Name: Andrew Findlay
Version: HEAD 15 July 2002
OS: Linux Redhat 7.3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (217.206.98.194)
The regular expression given in a saslRegexp config option gets fed through
dnNormalize2(). This seems to restrict the possible regex syntax. For example:
saslRegexp
uid=([^,]*),cn=.*,cn=auth
ldap:///dc=example,dc=org??sub?uid=$1
The intention here is to assign everything up to the first ',' to the UID.
This fails with the error:
Jul 15 18:12:09 brick slapd[13122]: line 43 (saslRegexp
uid=([^,]*),cn=.*,cn=auth ldap:///dc=example,dc=org??sub?uid=$1)
Jul 15 18:12:09 brick slapd[13122]: >>> dnNormalize: <uid=([^,]*),cn=.*,cn=auth>
Jul 15 18:12:09 brick slapd[13122]: SASL match pattern uid=([^,]*),cn=.*,cn=auth
could not be normalized.
Jul 15 18:12:09 brick slapd[13122]: slapd shutdown: freeing system resources.
Regular expressions are not DNs: surely it is better not to try normalizing them
at all.