
(ITS#6912) authz-regexp DN



Full_Name: authz-regex dnNormalize() filter expression with matching rule assertion
Version: HEAD
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:4ca0:0:fe00:200:5efe:81bb:f4c)


We tried to support/implement case-sensitive logins using SASL DIGEST-MD5.

Imagine the following partial authz-regexp statement:
ldap:///ou=users,ou=eecbcs.de,dc=foo,dc=bar??one?(uid:caseExactMatch:=$1)

During "dnNormalize" the uid is transformed into lowercase, which causes the
caseExactMatch to fail:

SASL [conn=1010] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=user1HAHA,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=user1HAHA,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=user1HAHA,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=user1HAHA,cn=digest-md5,cn=auth to a DN
==> rewrite_context_apply [depth=1]
string='uid=user1HAHA,cn=digest-md5,cn=auth'
==> rewrite_rule_apply
rule='uid=([^,]+),cn=(PLAIN|LOGIN|OTP|DIGEST-MD5|CRAM-MD5),cn=auth'
string='uid=user1HAHA,cn=digest-md5,cn=auth' [1 pass(es)]
==> rewrite_context_apply [depth=1]
res={0,'ldap:///ou=users,ou=eecbcs.de,dc=foo,dc=bar??one?(uid:caseExactMatch:=user1haha)'}
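
The trace above can be checked stage by stage. As an added example (not part of the original submission and not OpenLDAP code), the following Python extracts the uid value from each trace line and reports the first pair of consecutive stages between which only its letter case differs. The trace lines are copied from the report; the stage labels and function names are assumptions of this example.

```python
import re

# Trace lines copied from the report above (slapd debug output).
TRACE = """\
slap_sasl_getdn: u:id converted to uid=user1HAHA,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=user1HAHA,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=user1HAHA,cn=digest-md5,cn=auth>
string='uid=user1HAHA,cn=digest-md5,cn=auth'
res={0,'ldap:///ou=users,ou=eecbcs.de,dc=foo,dc=bar??one?(uid:caseExactMatch:=user1haha)'}
"""

# (stage label, pattern capturing the uid value on that kind of line).
# The labels are names chosen for this example, not slapd terminology.
STAGES = [
    ("slap_sasl_getdn", re.compile(r"^slap_sasl_getdn: .*\buid=([^,]+),")),
    ("dnNormalize in", re.compile(r"^>>> dnNormalize: <uid=([^,]+),")),
    ("dnNormalize out", re.compile(r"^<<< dnNormalize: <uid=([^,]+),")),
    ("rewrite input", re.compile(r"^string='uid=([^,]+),")),
    # Handles both (uid=x) and the extensible form (uid:rule:=x).
    ("rewrite result",
     re.compile(r"^res=\{\d+,'.*\(uid(?::[\w.]+:)?=([^)]+)\)'\}")),
]


def uid_stages(trace):
    """Return [(stage, uid)] in the order the lines appear in the trace."""
    seen = []
    for line in trace.splitlines():
        for stage, rx in STAGES:
            m = rx.match(line.strip())
            if m:
                seen.append((stage, m.group(1)))
    return seen


def first_case_change(trace):
    """Return (prev_stage, stage, before, after) for the first consecutive
    pair whose uid values differ only in letter case, or None."""
    seen = uid_stages(trace)
    for (s0, u0), (s1, u1) in zip(seen, seen[1:]):
        if u0 != u1 and u0.lower() == u1.lower():
            return (s0, s1, u0, u1)
    return None


if __name__ == "__main__":
    for stage, uid in uid_stages(TRACE):
        print(f"{stage:16} {uid}")
    print("first case change:", first_case_change(TRACE))
```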