"Dieter Kluenter" <[email protected]> writes: > Hi, > I face a strange behaviour of a authz regexp. This is part of my > slapd.conf > > authz-regexp "gidNumber=(.*)\+uidNumber=(.*),cn=peercred,cn=external,cn= auth" > "ldap:///o=avci,c=de?dn?sub?(&(uidNumber=$2)(gidNumber=$1))" > > The result of a ldapwhoami: > > SASL/EXTERNAL authentication started > SASL username: gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth > SASL SSF: 0 > dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth > > A result of search > ldapsearch -Y EXTERNAL -H ldapi:/// -b o=avci,c=de -s sub > "(&(gidNumber=100)(uidNumber=1000))" dn > > dn: cn=Dieter Kluenter,ou=Partner,o=avci,c=de > result: 0 Success
This sequence looks a bit strange: ... 5cb44468 connection_read(16): checking for input on id=1000 ber_get_next ldap_read: want=8, got=7 0000: 30 05 02 01 03 42 00 0....B. ber_get_next: tag 0x30 len 5 contents: ber_dump: buf=0x7f4fa41040a0 ptr=0x7f4fa41040a0 end=0x7f4fa41040a5 len=5 0000: 02 01 03 42 00 ...B. 5cb44468 op tag 0x42, time 1555317864 ber_get_next ldap_read: want=8, got=0 ... -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
