Hi,
I have the following directive in the slapd.conf:
authz-regexp gidNumber=([^0][0-9]+).uidNumber=([^0][0-9]+),cn=peercred,cn=external,cn=auth ldapi:///ou=people,dc=local???(uidNumber=$2)
but the server is unable to fetch (slap_sasl2dn: Converted SASL name to <nothing>)
Here is the trace output (slapd -d 2177 -h "ldapi:/// ldaps:/// ldap:///"):
50ca62b8 >>> dnPrettyNormal: <>
50ca62b8 <<< dnPrettyNormal: <>, <>
50ca62b8 do_bind: dn () SASL mech EXTERNAL
50ca62b8 ==>slap_sasl2dn: converting SASL name gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth to a DN
50ca62b8 ==> rewrite_context_apply [depth=1] string='gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth'
50ca62b8 ==> rewrite_rule_apply rule='gidNumber=([^0][0-9]+).uidNumber=([^0][0-9]+),cn=peercred,cn=external,cn=auth' string='gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth' [1 pass(es)]
50ca62b8 ==> rewrite_context_apply [depth=1] res={0,'ldapi:///ou=people,dc=local??sub?(uidNumber=1000)'}
50ca62b8 slap_parseURI: parsing ldapi:///ou=people,dc=local??sub?(uidNumber=1000)
ldap_url_parse_ext(ldapi:///ou=people,dc=local??sub?(uidNumber=1000))
50ca62b8 <==slap_sasl2dn: Converted SASL name to <nothing>
50ca62b8 SASL Authorize [conn=1001]: proxy authorization allowed authzDN=""
50ca62b8 send_ldap_sasl: err=0 len=-1
50ca62b8 do_bind: SASL/EXTERNAL bind: dn="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth" sasl_ssf=0
50ca62b8 send_ldap_response: msgid=1 tag=97 err=0
Direct sasl authz mapping works fine, but URI does not, what's wrong with this stuff?
How can I check URI correctness for slapd or get tracing info from ldap_url_parse_ext/slap_sasl2dn about why they returned nothing?
With which access rights does slapd do its internal query? How do I configure them?
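
An offline pre-check for the rule quoted above, added here as an example and not part of the original post or of OpenLDAP: it applies the match/replace pair to the SASL name from the trace, splits the resulting URI into its fields, and lists where it departs from the search form given in the OpenLDAP documentation for authz-regexp, ldap:///<base>??<scope>?<filter>. The function names are hypothetical, and Python's re module stands in for slapd's POSIX regex engine, which is an assumption that holds for this simple pattern.

```python
import re

# Values copied from the post; Python's `re` stands in for slapd's POSIX regex
# engine (an assumption that holds for this simple pattern).
MATCH = r"gidNumber=([^0][0-9]+).uidNumber=([^0][0-9]+),cn=peercred,cn=external,cn=auth"
REPLACE = "ldapi:///ou=people,dc=local???(uidNumber=$2)"
SASL_NAME = "gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth"

def rewrite(match, replace, name):
    """Apply an authz-regexp style rule: $N in `replace` becomes capture group N."""
    mo = re.search(match, name, re.IGNORECASE)
    if mo is None:
        return None
    return re.sub(r"\$(\d)", lambda m: mo.group(int(m.group(1))), replace)

def parse_search_uri(uri):
    """Split scheme://host/base?attrs?scope?filter into named parts."""
    scheme, sep, rest = uri.partition("://")
    if not sep:
        raise ValueError("not a URI: %r" % uri)
    host, _, tail = rest.partition("/")
    fields = (tail.split("?", 3) + ["", "", ""])[:4]
    return dict(zip(("base", "attrs", "scope", "filter"), fields),
                scheme=scheme.lower(), host=host)

def deviations(uri):
    """List where `uri` departs from ldap:///<base>??<scope>?<filter>."""
    p = parse_search_uri(uri)
    out = []
    if p["scheme"] != "ldap":
        out.append("scheme is %r, documented form uses 'ldap'" % p["scheme"])
    if p["host"]:
        out.append("host part %r is not empty" % p["host"])
    if p["attrs"]:
        out.append("attribute list %r is not empty" % p["attrs"])
    if not p["scope"]:
        out.append("scope is empty, so the RFC 4516 default 'base' applies")
    if not p["filter"]:
        out.append("filter is empty")
    return out

if __name__ == "__main__":
    uri = rewrite(MATCH, REPLACE, SASL_NAME)
    print(uri)
    for line in deviations(uri):
        print(" -", line)
```
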