I tracked down the bug by going through the source code.

Basically, slap_sasl_rewrite_config() in servers/slapd/saslauthz.c passes the information to rewrite_parse() in libraries/librewrite/config.c. However, what slap_sasl_rewrite_config() sends is NOT what rewrite_parse() expects to get.

It looks like rewrite_parse is a generic function which is called all over the place. Probably not best to mess with that. However, slap_sasl_rewrite_config() is only called from servers/slapd/bconfig.c, so any changes could take place in either of those two places relatively easily.

Anyway, what slap_sasl_rewrite_config has in my little test: fname = "slapd" lineno = 0 argc = 3 argv[0] = "olcAuthIDRewrite" argv[1] = "authid-rewriteEngine" argv[2] = "on"

In rewrite_parse(), it expects it to be set up more like this: fname = "slapd" lineno = 0 argc = 2 argv[0] = "rewriteEngine" argv[1] = "on"

So all that needs to happen in slap_sasl_rewrite_config() is: argc--; and Get rid of argv[0] and shift everything down in the array (1 ==> 0, 2 ==> 1, etc.) (?and then put it all back when finished?)

Anyway, I'm not sure how to do that, so the most I can really help out here is by filing this report so you don't have to spend your time tracking down the issue.

Second note: it would have helped with debugging had a particular debug command been properly finished. See libraries/librewrite/config.c, line 289-291. The debug command has the %s placeholder for the third argument, but is passed "" instead of something more useful like: argv[0]. Probably just a little oversight.

Any way I can help with any of this?