Hi Pierangelo, thanks for your reply. I tried saslAuthzTo: dn.regexp: uid=.*,ou=MailCustomers,dc=bestsolution,dc=at ... which is wrong because of the whitespace between "dn.regexp: uid" and even worse "dn.regexp:" should be "dn.regex:". For the sake of consistency I think sasl-regexp should somewhen be renamed to sasl-regex as well ... And your dn.onelevel is even better of course :-) Udo Rader BestSolution.at GmbH http://www.bestsolution.at On Mon, 2005-05-23 at 16:52 +0200, Pierangelo Masarati wrote: > > Hi, > > > > after upgrading our openldap server to the most current version, I'm > > having bad troubles with saslAuthzTo and regular expressions. > > > > Previously the following attribute setting for saslAuthzTo was working: > > > > saslAuthzTo: uid=.*,ou=MailCustomers,dc=bestsolution,dc=at > > In 2.2, the DNs used in saslAuthzTo and saslAuthzFrom (note that this will > soon change into authzTo and authzFrom) default to exact; if you want > regex matching, you need to explicitly set the style to regex. So your > rule would read > > saslAuthzTo: dn.regex:uid=.*,ou=MailCustomers,dc=bestsolution,dc=at > > Note that if you can give away with the "uid=" prefix, a rule like > > saslAuthzTo: dn.onelevel:ou=MailCustomers,dc=bestsolution,dc=at > > would save you a regcomp(), regexec(). > > This should be documented somewhere, e.g. in slapd.conf(5) or in the admin > guide. I cannot find the reference right now, but I'm sure it is... > > p. >
Attachment:
signature.asc
Description: This is a digitally signed message part