THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
This page is meant as a template for writing a KIP. To create a KIP choose Tools->Copy on this page and modify with your content and replace the heading with the next KIP number and a description of your issue. Replace anything in italics with your own description.
Status
Current state: "Under Discussion"Adopted
Discussion thread: here
JIRA: here
...
| Code Block |
|---|
ssl.principal.mapping.rules= RULE:^CN=(.*?),OU=ServiceUsers.*$/$1/, RULE:^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$/$1@$2/, RULE:^cn=(.*?),ou=(.*?),dc=(.*?),dc=(.*?)$/$1@$2/L, RULE:^.*[Cc][Nn]=([a-zA-Z0-9.]*).*$/$1/L, DEFAULT |
...
| Distinguished Name | Mapping pattern | Mapping value replacement | mapped name |
|---|---|---|---|
| CN=kafka-server1, OU=KAFKA | ^CN=(.*?), OU=(.*?)$ | $1 | kafka-server1 |
| CN=kafka1, OU=SME, O=mycp, L=Fulton, ST=MD, C=US | ^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$ | $1@$2 | kafka1@SME |
| cn=kafka1,ou=SME,dc=mycp,dc=com | ^cn=(.*?),ou=(.*?),dc=(.*?),dc=(.*?)$ | $1 | kafka1 |
Notes:
Proposed mapping rules works on string representation of the X.500 distinguished name(RFC2253 format) [1].
Mapping rules can use the attribute types keywords defined in RFC 2253 (CN, L, ST, O, OU, C, STREET, DC, UID).
...
If we have the OID - key mapping ("1.2.840.113549.1.9.1", "emailAddress"), then the string will be
"CN=Duke,OU=JavaSoft,O=Sun Microsystems,C=US,emailAddress=test@test.com"
Since we don't have OID - key mapping, we can not use additional attribute type keyword string in our rules.
If the user want to extract additional attribute keys, users need to write custom principal builder class.
...
| Code Block |
|---|
ssl.principal.mapping.pattern=^CN=(.*?),OU=ServiceUsers.*$ ssl.principal.mapping.value=$1 ssl.principal.mapping.pattern=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$ ssl.principal.mapping.value=$1@$2 ssl.principal.mapping.pattern=^CN=(.*?), OU=(.*?)$ ssl.principal.mapping.value=$1@$2 |
...