[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL EXTERNAL

To: Howard Chu <hyc@highlandsun.com>
Subject: RE: SASL EXTERNAL
From: Norbert Klasen <norbert.klasen@daasi.de>
Date: Tue, 07 May 2002 13:53:49 +0200
Cc: openldap-devel@OpenLDAP.org
Content-disposition: inline

--On Dienstag, 30. April 2002 05:09 -0700 Howard Chu <hyc@highlandsun.com> wrote:

> Is there already a function like ldap_t61s_to_utf8s for latin1?
> Implementing it shouldn't be much work since each code point in
Latin1 is
> the same in Unicode.


I have added ldap_ucs_to_utf8s to handle this. It also handles the ASN.1
BMPString and UniversalString formats as well. Unfortunately the existing
ldap_x_wcs_to_utf8s was not directly usable for this purpose because (a)
there is no guarantee that a wchar_t is big enough to hold 32 bits and (b)
there is no specification of the byte order within a wchar_t. I have
tested the new code with some 8-bit characters, please give it a try.


Thanks Howard, this works now. Some new issues:

- I need to clear the 'noanonymous' flag from ldapsearch's sasl secprops. Otherwise ldap_sasl_interactive_bind_s returns 'Unknown authentication method'.

- In slap_sasl_regexp_config a ber_str2bv is attempted on the replace pattern. This fails if the replace pattern is an URI:

dnNormalize: <ldap://localhost/c=de??sub?cn=$1>

=> ldap_bv2dn(ldap://localhost/c=de??sub?cn=$1,0) <= ldap_bv2dn(ldap://localhost/c=de??sub?cn=$1,0)=84 SASL replace pattern ldap://localhost/c=de??sub?cn=$1 could not be normalized. ber_str2bv and the subsequent dnNormalize2 should probably be called only on the DN part of the URI.

- Then there is an issue with non-ascii chars and sasl-regex:

dnNormalize: <emailAddress=.*,cn=(.*),o=daasi international

gmbh,l=tübingen,st=baden-württemberg,c=de> <<< dnNormalize: <emailAddress=.*,cn=(.*),o=daasi international gmbh,l=t\C3\BCbingen,st=baden-w\C3\BCrttemberg,c=de>

slap_sasl_regexp: converting SASL name emailAddress=norbert.klasen@daasi.de,cn=norbert klasen,o=daasi international gmbh,l=t\C3\BCbingen,st=baden-w\C3\BCrttemberg,c=de <==slap_sasl2dn: Converted SASL name to <nothing>


Now if I replace all non-ascii chars with 6 wildcards it works:

dnNormalize: <emailAddress=.*,cn=(.*),o=daasi international

gmbh,l=t......bingen,st=baden-w......rttemberg,c=de> <<< dnNormalize: <emailAddress=.*,cn=(.*),o=daasi international gmbh,l=t......bingen,st=baden-w......rttemberg,c=de>

slap_sasl_regexp: converting SASL name emailAddress=norbert.klasen@daasi.de,cn=norbert klasen,o=daasi international gmbh,l=t\C3\BCbingen,st=baden-w\C3\BCrttemberg,c=de slap_sasl_regexp: converted SASL name to cn=norbert klasen,dc=daasi,dc=de


--
Dipl.-Inform. Norbert Klasen
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de

Follow-Ups:
- RE: SASL EXTERNAL
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: RE: SASL secrets in LDAP
Next by Date: RE: SASL EXTERNAL
Index(es):
- Chronological
- Thread