Quoting Michael Ströder mich...@stroeder.com:
uid=([^,]*) looks strange to me. How about trying uid=([^,]+) instead?
That would only help to avoid matching an empty uid. Anyway, we've
already established that the problem is not the search pattern, but
the authz-regexp replacement pattern.
Quoting Jaap Winius jwin...@umrk.nl:
authz-regexp
uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
ldap:///dc=example,dc=com??sub?
((|(entryDN:dnSubtree:=ou=eng,dc=example,dc=com)
(entryDN:dnSubtree:=ou=bio,dc=example,dc=com))
Quoting Michael Ströder mich...@stroeder.com:
uid=([^,]*) looks strange to me. How about trying uid=([^,]+) instead?
That would only help to avoid matching an empty uid. Anyway, we've
already established that the problem is not the search pattern, but
the authz-regexp replacement pattern.
Hi all,
My OpenLDAP 2.4 test system uses Kerberos, SASL and GSSAPI. I've got
person objects located in two different org. units and want to search
both of them for a potential match, so I included these two statements
in slapd.conf:
authz-regexp
Jaap Winius wrote:
Hi all,
My OpenLDAP 2.4 test system uses Kerberos, SASL and GSSAPI. I've got
person objects located in two different org. units and want to search
both of them for a potential match, so I included these two statements
in slapd.conf:
authz-regexp