...
Currently, username translations based on rules are done maintaining the case of the input principal. For example, given the rule
Code Block |
---|
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// |
Code Block |
---|
If the source string is joe-qa@EXAMPLE.COM, the result is joe-qa |
...
If the source string is JOE-QA@EXAMPLE.COM, the result is JOE-QA |
...
If the source string is Joe-QA@EXAMPLE.COM, the result is Joe-QA |
However, this may not be desired given how different operating system handle usernames, whereas some are case-sensitive
and some are case-insensitive. For example, Linux is case-sensitive and Windows is case-insensitive.
...
...
Proposed Changes
extend "sasl.kerberos.principal.to.local.rules" config rule format by supporting "/L" (toLowerCase) at the end of the rule. However, it must be noted that this does not affect how pattern matches on input and therefore that will still be case-sensitive.
Code Block |
---|
RULE:[1:$1@$0](joe-qa-.*@EXAMPLE.COM)s/.*/JOE-QA//L |
...
RULE:[1:$1@$0](JOE-QA-.*@EXAMPLE.COM)s/.*/JOE-QA-UPPER//L |
...
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L |
Code Block |
---|
If the source string is joe-qa-cl1@EXAMPLE.COM, the result is joe-qa |
...
If the source string is JOE-QA-cl1@EXAMPLE.COM, the result is joe-qa-upper |
...
If the source string is joe_user@EXAMPLE.COM, the result is joe_user |
...
If the source string is JOE_USER@EXAMPLE.COM, the result is joe_ |
...
use |
Compatibility, Deprecation, and Migration Plan
...