
RE: saslAuthz{To|From}



>I see, that's the current intended behavior,
>there's nothing to do except craft your sasl-regexp
>to something like

That seems to work, thanks!

Perhaps this should be in the release notes for 2.2.3.

What about rules for mapping N-part realm names to a distinguished name? 
(I admit that this was never particularly elegant!) I guess I can eat
the realm tokens up in the "uid=authzid" part rather than "cn=REALM".

sasl-regexp uid=(.*)/(.*),cn=(.*)\\\.(.*)\\\.(.*)\\\.(.*),cn=.*,cn=auth ldap:///DC=$3,DC=$4,DC=$5,DC=$6??sub?(&(objectClass=User)(servicePrincipalName=$1/$2))

It would be nice if the regex code explicitly supported mapping DNS-style
realm names to "dc" distinguished names... 

-- Luke
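
Added example, not part of the original message and not OpenLDAP code: a Python sketch of the DNS-style realm to "dc" mapping asked for above, working for any number of realm labels, next to the fixed four-label pattern from the sasl-regexp line. The authentication DN layout uid=<primary>/<instance>,cn=<realm>,cn=<mech>,cn=auth, the sample DNs and all function names are assumptions.

```python
import re

# Pattern from the message, with slapd.conf backslash escaping reduced to a
# plain regex "\." (assumption about how the config file is unescaped).
FIXED_4_PART = re.compile(
    r"uid=(.*)/(.*),cn=(.*)\.(.*)\.(.*)\.(.*),cn=.*,cn=auth")

# Stricter parse of the SASL authentication DN: no wildcards that can cross
# a comma, and every realm label limited to DNS hostname characters.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
AUTHC_DN = re.compile(
    rf"uid=([^,/]+)/([^,/]+),cn=({LABEL}(?:\.{LABEL})*),cn=[^,]+,cn=auth",
    re.IGNORECASE)

FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def realm_to_dc_dn(realm):
    """Turn an N-label DNS-style realm into DC=label1,DC=label2,..."""
    return ",".join("DC=" + label for label in realm.split("."))


def map_authc_dn(authc_dn):
    """Return the LDAP search URL for a SASL authentication DN, or None."""
    m = AUTHC_DN.fullmatch(authc_dn)
    if m is None:
        return None  # unexpected shape: refuse to map rather than guess
    primary, instance, realm = m.groups()
    spn = escape_filter(primary + "/" + instance)
    return ("ldap:///" + realm_to_dc_dn(realm) +
            "??sub?(&(objectClass=User)(servicePrincipalName=" + spn + "))")


# Constructed sample DNs (not taken from the thread).
SAMPLES = [
    "uid=ldap/host1,cn=dept.corp.example.com,cn=gssapi,cn=auth",
    "uid=ldap/host1,cn=example.com,cn=gssapi,cn=auth",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn, bool(FIXED_4_PART.fullmatch(dn)), map_authc_dn(dn), sep="\n  ")
```

The fixed pattern matches only the four-label sample; the label-splitting version maps both and returns None for any DN that does not have the expected shape.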