https://bugs.openldap.org/show_bug.cgi?id=9594
--- Comment #3 from Howard Chu <hyc@openldap.org> ---
(In reply to Karl O. Pinc from comment #2)
> You cannot make arbitrary mappings to DNs. As a trivial example, you can't write an identity transformation:
>
> olcAuthzRegexp "UID=([^,]*),CN=.*" "dn:$1"
>
> The escaping prevents the generation of a valid DN.

The UID value must be a valid SASL userID. So again, "what is valid" is specific to the SASL mechanism in use, but there are no SASL mechanisms that use DNs as userIDs. So the above example is never valid.

> And you can't generate one or more "attr=value" components of a DN:
>
> olcAuthzRegexp "UID=([^,]*),CN=.*" "dn:$1,OU=Accounts,DC=example,DC=com"

Same applies here.