
RE: saslAuthz{To|From}

>>I see, that's the current intended behavior,
>>there's nothing to do except craft your sasl-regexp
>>to something like
> That seems to work, thanks!
> Perhaps this should be in the release notes for 2.2.3.
> What about rules for mapping N-part realm names to a distinguished name?
>  (I admit that this was never particularly elegant!) I guess I can eat
> the realm tokens up in the "uid=authzid" part rather than "cn=REALM".
> sasl-regexp uid=(.*)/(.*),cn=(.*)\\\.(.*)\\\.(.*)\\\.(.*),cn=.*,cn=auth
> ldap:///DC=$3,DC=$4,DC=$5,DC=$6??sub?(&(objectClass=User)(servicePrincipalName=$1/$2))
> It would be nice if the regex code explicitly supported mapping
> DNS-style realm names to "dc" distinguished names...

you mean a sort of a "[[:dns:]]" pattern coupled to a rewrite rule
so that

sasl-regexp "uid=(.*)/(.*),cn=([[:dns:]]),cn=.*,cn=auth" \

This could be easily done by using the rewrite mechanism in sasl-regexp:

rewriteEngine   on

rewriteContext  dns2dc
rewriteRule     ".*" "<>%0" ":"
rewriteRule     "([^>]*)(<>)?([-a-zA-Z0-9]+)\.(.*)" "%1dc=%3,<>%4"
rewriteRule     "([^>]*)(<>)?([-a-zA-Z0-9]+)$" "%1dc=%3" ":"

rewriteContext  saslRegexp
rewriteRule "uid=(.*)/(.*),cn=(.*),cn=.*,cn=auth" \

testing it with

./libraries/librewrite/rewrite -r saslRegexp \


uid=ando/SYS-NET.IT,cn=sys-net.it,cn=PLAIN,cn=auth ->

pretty, isn't it? :)


Pierangelo Masarati
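
The dns2dc context above, traced step by step in an added example (not part of the original message, and not librewrite itself): it replays the three rules with Python's re module, treating ":" as "apply once" and an unflagged rule as "repeat while it matches". The names dns2dc(), substitute(), MAX_PASSES and the REALM_OK guard are assumptions of this sketch; the saslRegexp rule is left out because its substitution is cut off above.

```python
import re

# The three dns2dc rules from the message: (pattern, substitution, flags).
# ":" means "apply this rule once"; an unflagged rule is re-applied while it
# keeps matching.
DNS2DC = [
    (r".*", "<>%0", ":"),
    (r"([^>]*)(<>)?([-a-zA-Z0-9]+)\.(.*)", "%1dc=%3,<>%4", ""),
    (r"([^>]*)(<>)?([-a-zA-Z0-9]+)$", "%1dc=%3", ":"),
]
MAX_PASSES = 100  # assumed loop bound for this sketch
# Added guard, not one of the original rules: accept only plain DNS names so
# that "," or "=" in a realm can never reach the generated DN.
REALM_OK = re.compile(r"[-a-zA-Z0-9]+(\.[-a-zA-Z0-9]+)*")


def substitute(match, template):
    """Expand %0..%9 in template from the groups of match."""
    return re.sub(r"%(\d)", lambda m: match.group(int(m.group(1))) or "", template)


def dns2dc(realm):
    """Return (dn, trace) for a DNS-style realm, applying the rules in order."""
    if not REALM_OK.fullmatch(realm):
        raise ValueError("realm is not a plain DNS name: %r" % realm)
    value, trace = realm, [realm]
    for pattern, template, flags in DNS2DC:
        for _ in range(1 if ":" in flags else MAX_PASSES):
            match = re.search(pattern, value)
            if match is None:
                break
            value = substitute(match, template)  # "<>" marks the unconverted tail
            trace.append(value)
    return value, trace


if __name__ == "__main__":
    for step in dns2dc("sys-net.it")[1]:  # constructed sample realm
        print(step)
```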