...
Public Interfaces
Option 1 is Rejected. : Check Rejected Alternatives section below.
...
Similar to SASL kerberos principal rules, we can also support lowercase/upper case uppercase rule, to force the result to be all lower/upper case. This is done by adding a "/L" , "/U" to the end of the rule.
...
This is option supports multiple mapping patterns. Since Option 1 handles the most of the common use cases, we would like to go with Option 1 Some sample mapping patterns are given below.
Distinguished Name | Mapping pattern | Mapping value | mapped name |
---|---|---|---|
CN=kafka-server1, OU=KAFKA | ^CN=(.?), OU=(.?)$ | $1 | kafka-server1 |
CN=kafka1, OU=SME, O=mycp, L=Fulton, ST=MD, C=US | ^CN=(.?), OU=(.?), O=(.?), L=(.?), ST=(.?), C=(.?)$ | $1@$2 | kafka1@SME |
cn=kafka1,ou=SME,dc=mycp,dc=com | ^cn=(.?),ou=(.?),dc=(.?),dc=(.?)$ | $1 | kaffka1kafka1 |
Notes:
Proposed mapping rules works on string representation of the X.500 distinguished name(RFC2253 format) [1].
Mapping rules can use the attribute types keywords defined in RFC 2253 (CN, L, ST, O, OU, C, STREET, DC, UID).
...