Full_Name: Daniel Pluta
Version: 2.4.23
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:4ca0:0:fe15::1)
1.) The following authz-regexp statement looks and works fine with slapd:
authz-regexp
  uid=([^,]+)@([^,]+),cn=(PLAIN|LOGIN|DIGEST-MD5|CRAM-MD5),cn=auth
  "ldap:///ou=users,ou=$1,dc=foo,dc=bar??one?(mail=$2)"
do_bind: dn () SASL mech DIGEST-MD5
SASL [conn=1000] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=domain@user,cn=DIGEST-MD5,cn=auth
>> dnNormalize: <uid=domain@user,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=domain@user,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=domain@user,cn=digest-md5,cn=auth to a DN
==> rewrite_context_apply [depth=1]
string='uid=domain@user,cn=digest-md5,cn=auth'
==> rewrite_rule_apply
rule='uid=([^,]+)@([^,]+),cn=(PLAIN|LOGIN|DIGEST-MD5|CRAM-MD5),cn=auth'
string='uid=domain@user,cn=digest-md5,cn=auth' [1 pass(es)]
==> rewrite_context_apply [depth=1]
res={0,'ldap:///ou=users,ou=domain,dc=foo,dc=bar??one?(mail=user)'}
slap_parseURI: parsing ldap:///ou=users,ou=domain,dc=foo,dc=bar??one?(mail=user)
ldap_url_parse_ext(ldap:///ou=users,ou=domain,dc=foo,dc=bar??one?(mail=user))
put_filter: "(mail=user)"
put_filter: simple
put_simple_filter: "mail=user"
ber_scanf fmt ({mm}) ber:
>> dnNormalize: <ou=users,ou=domain,dc=foo,dc=bar>
<<< dnNormalize: <ou=users,ou=domain,dc=foo,dc=bar>
slap_sasl2dn: performing internal search (base=ou=users,ou=domain,dc=foo,dc=bar, scope=1)
=> hdb_search
bdb_dn2entry("ou=users,ou=domain,dc=foo,dc=bar")
=> hdb_dn2id("ou=domain,dc=foo,dc=bar")
==========================================================================
2.) The following authz-regexp, where the @-separator is replaced by a \-separator, seems to cause problems:
authz-regexp
  uid=([^,]+)\\([^,]+),cn=(PLAIN|LOGIN|DIGEST-MD5|CRAM-MD5),cn=auth
  "ldap:///ou=users,ou=$1,dc=foo,dc=bar??one?(mail=$2)"
Looks strange:
do_bind: dn () SASL mech DIGEST-MD5
SASL [conn=1000] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=domain\5Cuser,cn=DIGEST-MD5,cn=auth
>> dnNormalize: <uid=domain\5Cuser,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=domain\5Cuser,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=domain\5Cuser,cn=digest-md5,cn=auth to a DN
==> rewrite_context_apply [depth=1]
string='uid=domain\5Cuser,cn=digest-md5,cn=auth'
==> rewrite_rule_apply
rule='uid=([^,]+)\([^,]+),cn=(PLAIN|LOGIN|DIGEST-MD5|CRAM-MD5),cn=auth'
string='uid=domain\5Cuser,cn=digest-md5,cn=auth' [1 pass(es)]
==> rewrite_context_apply [depth=1]
res={0,'uid=domain\5Cuser,cn=digest-md5,cn=auth'}
slap_parseURI: parsing uid=domain\5Cuser,cn=digest-md5,cn=auth
ldap_url_parse_ext(uid=domain\5Cuser,cn=digest-md5,cn=auth)
>> dnNormalize: <uid=domain\5Cuser,cn=digest-md5,cn=auth>
<<< dnNormalize: <uid=domain\5Cuser,cn=digest-md5,cn=auth>
<==slap_sasl2dn: Converted SASL name to uid=domain\5Cuser,cn=digest-md5,cn=auth
slap_sasl_getdn: dn:id converted to uid=domain\5Cuser,cn=digest-md5,cn=auth
==========================================================================
3. Just one more try, using "[\\]" instead of "\\":
authz-regexp
  uid=([^,]+)[\\]([^,]+),cn=(PLAIN|LOGIN|DIGEST-MD5|CRAM-MD5),cn=auth
  "ldap:///ou=users,ou=$1,dc=foo,dc=bar??one?(mail=$2)"
Looks strange too:
do_bind: dn () SASL mech DIGEST-MD5
SASL [conn=1000] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=domain\5Cuser,cn=DIGEST-MD5,cn=auth
>> dnNormalize: <uid=domain\5Cuser,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=domain\5Cuser,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=domain\5Cuser,cn=digest-md5,cn=auth to a DN
==> rewrite_context_apply [depth=1]
string='uid=domain\5Cuser,cn=digest-md5,cn=auth'
==> rewrite_rule_apply
rule='uid=([^,]+)[\]([^,]+),cn=(PLAIN|LOGIN|DIGEST-MD5|CRAM-MD5),cn=auth'
string='uid=domain\5Cuser,cn=digest-md5,cn=auth' [1 pass(es)]
==> rewrite_context_apply [depth=1]
res={0,'ldap:///ou=users,ou=domain,dc=foo,dc=bar??one?(mail=5Cuser)'}
slap_parseURI: parsing ldap:///ou=users,ou=domain,dc=foo,dc=bar??one?(mail=5Cuser)
ldap_url_parse_ext(ldap:///ou=users,ou=domain,dc=foo,dc=bar??one?(mail=5Cuser))
put_filter: "(mail=5Cuser)"
put_filter: simple
put_simple_filter: "mail=5Cuser"
ber_scanf fmt ({mm}) ber:
>> dnNormalize: <ou=users,ou=domain,dc=foo,dc=bar>
<<< dnNormalize: <ou=users,ou=domain,dc=foo,dc=bar>
slap_sasl2dn: performing internal search (base=ou=users,ou=domain,dc=foo,dc=bar, scope=1)
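
Added example (not part of the original report and not OpenLDAP code): the three rules exactly as the rewrite engine logs them, run through POSIX regcomp/regexec against the normalized SASL names from the logs. It shows why [\] captures 5Cuser: the name already carries the backslash in its escaped form \5C when the rule is applied. The REG_EXTENDED | REG_ICASE flags, the helper capture_mail and the fourth rule matching \5C are assumptions made for this example.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define MECHS ",cn=(PLAIN|LOGIN|DIGEST-MD5|CRAM-MD5),cn=auth"
/* Rules as the rewrite engine logs them (C string escaping added). */
static const char *RULE_AT = "uid=([^,]+)@([^,]+)" MECHS;
static const char *RULE_BS = "uid=([^,]+)\\([^,]+)" MECHS;     /* \(  */
static const char *RULE_BR = "uid=([^,]+)[\\]([^,]+)" MECHS;   /* [\] */
/* Constructed for this example: match the escaped form \5C itself. */
static const char *RULE_5C = "uid=([^,]+)\\\\5C([^,]+)" MECHS;
/* Normalized SASL names copied from the logs. */
static const char *NAME_AT = "uid=domain@user,cn=digest-md5,cn=auth";
static const char *NAME_BS = "uid=domain\\5Cuser,cn=digest-md5,cn=auth";

/* Copy capture group 2 (the $2 of the mail filter) into out. Returns 1 on a
 * match, 0 if the rule fails to compile or does not match, in which case
 * the name would pass through unrewritten. */
int capture_mail(const char *rule, const char *name, char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m[4];
    int matched = 0;

    out[0] = '\0';
    /* Assumed flags: extended syntax, case-insensitive. */
    if (regcomp(&re, rule, REG_EXTENDED | REG_ICASE) != 0)
        return 0;
    if (regexec(&re, name, 4, m, 0) == 0 && m[2].rm_so >= 0) {
        size_t len = (size_t)(m[2].rm_eo - m[2].rm_so);
        if (len < outlen) {
            memcpy(out, name + m[2].rm_so, len);
            out[len] = '\0';
            matched = 1;
        }
    }
    regfree(&re);
    return matched;
}

int main(void)
{
    const char *rules[] = { RULE_AT, RULE_BS, RULE_BR, RULE_5C };
    const char *names[] = { NAME_AT, NAME_BS, NAME_BS, NAME_BS };
    char mail[64];
    for (int i = 0; i < 4; i++) {
        int ok = capture_mail(rules[i], names[i], mail, sizeof mail);
        printf("%-45.45s -> %s%s\n", rules[i], ok ? "mail=" : "no match", mail);
    }
    return 0;
}
```

How many backslashes the fourth rule needs in slapd.conf is not shown in the report; the logs only show that \\ in the file reaches the engine as \.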