
Re: Support for extensible certificate mapping



>=> bdb_search
>bdb_dn2entry("dc=dsg,dc=padl,dc=com")
>bdb(dc=dsg,dc=padl,dc=com): Locker does not exist
>bdb_cache_entry_db_lock: entry 1, rw 0, rc 22

Turns out (as pointed out by Howard) searches can't be made from the
connection listener as the thread context is not set up. So the best
we can do in the normalization function is rewrite the DN into
something which can be massaged by a SASL regexp.

Now the problem is how to treat a DN like:

cn=/C\=AU/O\=PADL Software Pty Ltd/CN\=Luke Howard/emailAddress\=lukeh@dsg.padl.com,cn=/C\=AU/O\=PADL Software Pty Ltd,cn=PKINIT,cn=auth

so that the unescaped subject and issuer can be passed into an
LDAP search filter within a sasl-regexp. 

(NB: I'm building the RDNs manually and then calling ldap_dn2bv()
with LDAP_DN_FORMAT_LDAPV2.)

Ideas?

-- Luke
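
The two escaping layers in the DN above, as an added example that is not part of the original post or of OpenLDAP: it splits the DN on unescaped commas, strips the DN escaping from the subject and issuer values, and re-escapes them for an LDAP search filter per RFC 4515. The function names and the filter attributes `exampleCertSubject` / `exampleCertIssuer` are hypothetical.

```python
# Added example; helper names and filter attribute names are hypothetical.
SAMPLE_DN = (r"cn=/C\=AU/O\=PADL Software Pty Ltd/CN\=Luke Howard"
             r"/emailAddress\=lukeh@dsg.padl.com,"
             r"cn=/C\=AU/O\=PADL Software Pty Ltd,cn=PKINIT,cn=auth")
HEX = "0123456789abcdefABCDEF"

def split_rdns(dn):
    """Split a DN on unescaped commas, leaving backslash escapes in place."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    return parts + [cur]

def unescape_value(rdn):
    """Strip DN escaping from an RDN value: \\XX hex pairs and \\<char>."""
    value, out, i = rdn.split("=", 1)[1], bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and all(c in HEX for c in pair):
            out.append(int(pair, 16)); i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode(); i += 2
        else:
            out += value[i].encode(); i += 1
    return out.decode("utf-8")

def filter_escape(value):
    """Escape a value for use in an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def cert_filter(dn, subject_attr="exampleCertSubject", issuer_attr="exampleCertIssuer"):
    """Build a filter from the subject and issuer RDNs of a PKINIT auth DN."""
    rdns = split_rdns(dn)
    if len(rdns) != 4 or [r.lower() for r in rdns[2:]] != ["cn=pkinit", "cn=auth"]:
        raise ValueError("not a cn=PKINIT,cn=auth certificate DN")
    subject, issuer = (filter_escape(unescape_value(r)) for r in rdns[:2])
    return "(&(%s=%s)(%s=%s))" % (subject_attr, subject, issuer_attr, issuer)

if __name__ == "__main__":
    print(cert_filter(SAMPLE_DN))
```

The filter-escaping step matters because certificate subject fields come from the client's certificate, so characters such as `*`, `(` and `)` must not reach the filter unescaped.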
