[Date Prev][Date Next]
>I see, that's the current intended behavior,
>there's nothing to do except craft your sasl-regexp
>to something like
That seems to work, thanks!
Perhaps this should be in the release notes for 2.2.3.
What about rules for mapping N-part realm names to a distinguished name?
(I admit that this was never particularly elegant!) I guess I can eat
the realm tokens up in the "uid=authzid" part rather than "cn=REALM".
sasl-regexp uid=(.*)/(.*),cn=(.*)\\\.(.*)\\\.(.*)\\\.(.*),cn=.*,cn=auth ldap:///DC=$3,DC=$4,DC=$5,DC=$6??sub?(&(objectClass=User)(servicePrincipalName=$1/$2))
It would be nice if the regex code explicitly supported mapping DNS-style
realm names to "dc" distinguished names...