Quoting Michael Ströder mich...@stroeder.com:
uid=([^,]*) looks strange to me. How about trying uid=([^,]+) instead?
That would only help to avoid matching an empty uid. Anyway, we've
already established that the problem is not the search pattern, but
the authz-regexp replacement pattern.
Quoting Jaap Winius jwin...@umrk.nl:
authz-regexp
uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
ldap:///dc=example,dc=com??sub?
((|(entryDN:dnSubtree:=ou=eng,dc=example,dc=com)
(entryDN:dnSubtree:=ou=bio,dc=example,dc=com))