Full_Name: authz-regex dnNormalize() filter expression with matching rule assertion
Version: HEAD
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:4ca0:0:fe00:200:5efe:81bb:f4c)

We tried to support/implement case-sensitive logins using SASL DIGEST-MD5.
Imagine the following partial authz-regexp statement:

ldap:///ou=users,ou=eecbcs.de,dc=foo,dc=bar??one?(uid:caseExactMatch:=$1)

During "dnNormalize" the uid is transformed into lowercase, which causes the caseExactMatch to fail:

SASL [conn=1010] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=user1HAHA,cn=DIGEST-MD5,cn=auth
dnNormalize: <uid=user1HAHA,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=user1HAHA,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=user1HAHA,cn=digest-md5,cn=auth to a DN
==> rewrite_context_apply [depth=1] string='uid=user1HAHA,cn=digest-md5,cn=auth'
==> rewrite_rule_apply rule='uid=([^,]+),cn=(PLAIN|LOGIN|OTP|DIGEST-MD5|CRAM-MD5),cn=auth' string='uid=user1HAHA,cn=digest-md5,cn=auth' [1 pass(es)]
==> rewrite_context_apply [depth=1] res={0,'ldap:///ou=users,ou=eecbcs.de,dc=foo,dc=bar??one?(uid:caseExactMatch:=user1haha)'}
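
A small Python model of the mapping shown in the log above, added here as an illustration; it is not OpenLDAP code and not part of the original report. The rule, template and SASL name are taken from the report; the directory entry, the function names and the `fold_value` switch are assumptions made for the example.

```python
import re

# Rule and URL template as quoted in the report; "$1" is the first capture group.
RULE = r"uid=([^,]+),cn=(PLAIN|LOGIN|OTP|DIGEST-MD5|CRAM-MD5),cn=auth"
TEMPLATE = "ldap:///ou=users,ou=eecbcs.de,dc=foo,dc=bar??one?(uid:caseExactMatch:=$1)"

# Constructed directory content (assumption): one entry with a mixed-case uid.
ENTRIES = [{"dn": "uid=user1HAHA,ou=users,ou=eecbcs.de,dc=foo,dc=bar",
            "uid": "user1HAHA"}]

# Simplified string comparison for the two matching rules used below.
MATCHING_RULES = {
    "caseExactMatch": lambda stored, asserted: stored == asserted,
    "caseIgnoreMatch": lambda stored, asserted: stored.lower() == asserted.lower(),
}

def rewrite(sasl_dn, fold_value):
    """Apply RULE to sasl_dn and substitute $1 into TEMPLATE.

    fold_value=True models the lowercased value visible in the log's
    final rewrite result; fold_value=False keeps the client's casing.
    """
    # The log shows the rule matching 'cn=digest-md5', so match case-insensitively.
    m = re.fullmatch(RULE, sasl_dn, re.IGNORECASE)
    if m is None:
        return None
    value = m.group(1).lower() if fold_value else m.group(1)
    return TEMPLATE.replace("$1", value)

def search(url):
    """Evaluate the (attr:rule:=value) filter of the URL against ENTRIES.

    Base and scope are ignored; every constructed entry is in scope.
    """
    filt = url.split("?")[3]  # ldap:///base?attrs?scope?filter
    attr, rule, value = re.fullmatch(r"\(([^:]+):([^:]+):=(.*)\)", filt).groups()
    match = MATCHING_RULES[rule]
    return [e["dn"] for e in ENTRIES if match(e[attr], value)]

def authz_dn(sasl_dn, fold_value):
    """Return the mapped DN, or None unless exactly one entry matches."""
    url = rewrite(sasl_dn, fold_value)
    hits = search(url) if url else []
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    name = "uid=user1HAHA,cn=digest-md5,cn=auth"
    print("folded   :", rewrite(name, True), "->", authz_dn(name, True))
    print("preserved:", rewrite(name, False), "->", authz_dn(name, False))
```

With the value folded, the exact-match assertion finds no entry and the mapping yields nothing; with the casing preserved, only the exact spelling of the uid maps to the entry.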