[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Support for extensible certificate mapping

>=> bdb_search
>bdb(dc=dsg,dc=padl,dc=com): Locker does not exist
>bdb_cache_entry_db_lock: entry 1, rw 0, rc 22

Turns out (as pointed out by Howard) searches can't be made from the
connection listener as the thread context is not setup. So the best
we can do in the normalization function is rewrite the DN into
something which can be massaged by a SASL regexp.

Now the problem is how to treat a DN like:

cn=/C\=AU/O\=PADL Software Pty Ltd/CN\=Luke Howard/emailAddress\=lukeh@dsg.padl.com,cn=/C\=AU/O\=PADL Software Pty Ltd,cn=PKINIT,cn=auth

so that the unescaped subject and issuer can be passed into an
LDAP search filter within a sasl-regexp. 

(NB: I'm building the RDNs manually and then calling ldap_dn2bv()


-- Luke