THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
For the pattern portion of the pairing, regular expression syntax is used to parse the original identity into components.
The value portion of the pairing uses these parsed components in variable substitution format to build the translated version of the identity.
So a login with "CN=localhost, OU=OrgUnit, DC=Company" matches with pattern above and the mapping value $1 is applied. The principal name is will normalized to "localhost".
...
ssl.principal.mapping.rules: This config allows a list of rules for mapping distinguished name to short principal name.
The rules are evaluated in order and the first rule that matches a principal name is used to map it to a short name.
Any later rules in the list are ignored. By default, string representation of the X.500 certificate will be the principal.
...
The format for exp is pattern/replacement/[LU]. If the string matches the pattern, then the replacement
command will be run over the string.
...
Similar to SASL kerberos principal rules, we can also support lowercase/upper case rule, to force
the result to be all lower/upper case. This is done by adding a "/L" , "/U" to the end of the rule.
...