THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Code Block |
---|
ssl.principal.mapping.rules= RULE:^CN=(.*?),OU=ServiceUsers.*$/$1/, RULE:^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$/$1@$2/, RULE:^cn=(.*?),ou=(.*?),dc=(.*?),dc=(.*?)$/$1@$2/L, RULE:^.*[Cc][Nn]=([a-zA-Z0-9.]*).*$/$1/L, DEFAULT |
...
Distinguished Name | Mapping pattern | Mapping replacement | mapped name |
---|---|---|---|
CN=kafka-server1, OU=KAFKA | ^CN=(.*?), OU=(.*?)$ | $1 | kafka-server1 |
CN=kafka1, OU=SME, O=mycp, L=Fulton, ST=MD, C=US | ^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$ | $1@$2 | kafka1@SME |
cn=kafka1,ou=SME,dc=mycp,dc=com | ^cn=(.*?),ou=(.*?),dc=(.*?),dc=(.*?)$ | $1 | kafka1 |
Notes:
Proposed mapping rules works on string representation of the X.500 distinguished name(RFC2253 format) [1].
Mapping rules can use the attribute types keywords defined in RFC 2253 (CN, L, ST, O, OU, C, STREET, DC, UID).
...
Code Block |
---|
ssl.principal.mapping.pattern=^CN=(.*?),OU=ServiceUsers.*$ ssl.principal.mapping.value=$1 ssl.principal.mapping.pattern=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$ ssl.principal.mapping.value=$1@$2 ssl.principal.mapping.pattern=^CN=(.*?), OU=(.*?)$ ssl.principal.mapping.value=$1@$2 |
...