Hi!

Trying to match the (some experimental) certificate subject to assign it to LDAP users, I have some problems:

Escaping of the subject seems to make regexp matching even harder.

For example

“CN = "uid=windl+email=u.windl@ukr.de", GN = Ulrich, SN = Windl” (as displayed by OpenSSL) is converted to

“dn:sn=windl,givenName=ulrich,cn=uid\3Dwindl\2Bemail\3Du.windl@ukr.de”

As I understand it, "uid=windl+email=u.windl@ukr.de" and "email=u.windl@ukr.de+uid=windl" would be equivalent.

So when I want to match just the uid part I could use “uid\\3D([^,]+)”, but that would include “\2Bemail\3Du…”.

If I’d use “uid\\3D([^,\]+)” instead, any escaped character inside the uid would terminate the match.

How do the experts handle it? Use very simplistic CNs in certificates?

Kind regards,

Ulrich Windl
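
The matching problem described in the message above, as an added example that is not part of the original post: it runs the two patterns from the message against the quoted subject string and compares them with an escape-aware pattern that stops only at a literal comma or at `\2B`. It uses Python's `re` with constructs that POSIX extended regex also has; the constructed test strings, the `extract_uid` helper and the anchoring on `cn=` or `\2B` are assumptions of this example.

```python
import re

# Subject string as quoted in the post.
DN_POST = r"dn:sn=windl,givenName=ulrich,cn=uid\3Dwindl\2Bemail\3Du.windl@ukr.de"
# Constructed variants: swapped order, an escaped comma (\2C) inside the uid,
# and an attribute type that merely ends in "uid".
DN_SWAPPED = r"dn:sn=windl,givenName=ulrich,cn=email\3Du.windl@ukr.de\2Buid\3Dwindl"
DN_ESCAPED = r"dn:sn=x,cn=uid\3Dwin\2Cdl\2Bemail\3Dx@example.org"
DN_LOOKALIKE = r"dn:cn=myuid\3Dadmin\2Buid\3Dwindl"

# The two patterns from the post. The second is written [^,\\] here because
# Python requires the backslash inside a character class to be escaped.
GREEDY = re.compile(r"uid\\3D([^,]+)")
NO_BACKSLASH = re.compile(r"uid\\3D([^,\\]+)")

# An escaped pair \XX is accepted inside the value unless it is \2B (the "+").
PAIR_NOT_PLUS = r"\\([013-9A-Fa-f][0-9A-Fa-f]|2[0-9AC-Fac-f])"
# Anchor "uid" to the start of the cn value or to a preceding \2B so that
# a longer attribute type ending in "uid" is not matched by accident.
ESCAPE_AWARE = re.compile(
    r"(cn=|\\2[Bb])uid\\3[Dd](([^,\\]|" + PAIR_NOT_PLUS + r")+)"
)


def extract_uid(dn):
    """Return the still-escaped uid value, or None if no uid component is found."""
    m = ESCAPE_AWARE.search(dn)
    return m.group(2) if m else None


if __name__ == "__main__":
    for dn in (DN_POST, DN_SWAPPED, DN_ESCAPED, DN_LOOKALIKE):
        print(dn)
        print("  greedy      :", GREEDY.search(dn).group(1))
        print("  no backslash:", NO_BACKSLASH.search(dn).group(1))
        print("  escape-aware:", extract_uid(dn))
```

The captured value is still in escaped form (for example `win\2Cdl`), so whatever consumes it has to expect that form.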