[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: saslAuthzTo and regexp troubles



Hi Pierangelo,

thanks for your reply. I tried

saslAuthzTo: dn.regexp: uid=.*,ou=MailCustomers,dc=bestsolution,dc=at

... which is wrong because of the whitespace between "dn.regexp: uid"
and even worse "dn.regexp:" should be "dn.regex:".

For the sake of consistency I think sasl-regexp should somewhen be
renamed to sasl-regex as well ...

And your dn.onelevel is even better of course :-)

Udo Rader

BestSolution.at GmbH
http://www.bestsolution.at


On Mon, 2005-05-23 at 16:52 +0200, Pierangelo Masarati wrote:
> > Hi,
> >
> > after upgrading our openldap server to the most current version, I'm
> > having bad troubles with saslAuthzTo and regular expressions.
> >
> > Previously the following attribute setting for saslAuthzTo was working:
> >
> > saslAuthzTo: uid=.*,ou=MailCustomers,dc=bestsolution,dc=at
> 
> In 2.2, the DNs used in saslAuthzTo and saslAuthzFrom (note that this will
> soon change into authzTo and authzFrom) default to exact; if you want
> regex matching, you need to explicitly set the style to regex.  So your
> rule would read
> 
> saslAuthzTo: dn.regex:uid=.*,ou=MailCustomers,dc=bestsolution,dc=at
> 
> Note that if you can give away with the "uid=" prefix, a rule like
> 
> saslAuthzTo: dn.onelevel:ou=MailCustomers,dc=bestsolution,dc=at
> 
> would save you a regcomp(), regexec().
> 
> This should be documented somewhere, e.g. in slapd.conf(5) or in the admin
> guide.  I cannot find the reference right now, but I'm sure it is...
> 
> p.
> 

Attachment: signature.asc
Description: This is a digitally signed message part