...

For the pattern portion of the pair, regular expression syntax is used to parse the original identity into components.
The value portion of the pair uses these parsed components, in variable substitution format, to build the translated identity.
In the example above we only want to extract the CN part of the Subject and use it as the principal name of the client.
For the distinguished name "CN=userName, OU=OrgUnit, DC=Company", the pattern above returns "userName" as the principal name.

So a login with "CN=localhost, OU=OrgUnit, DC=Company" matches the pattern above and the mapping value $1 is applied; the principal name is normalized to "localhost".

Examples:

ssl.principal.mapping.pattern=^CN=(.*?),OU=ServiceUsers.*$
ssl.principal.mapping.value=$1

ssl.principal.mapping.pattern=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$
ssl.principal.mapping.value=$1@$2

ssl.principal.mapping.pattern=^CN=(.*?), OU=(.*?)$
ssl.principal.mapping.value=$1@$2


Distinguished Name          | Mapping pattern        | Mapping value | Mapped name
CN=kafka-server1, OU=KAFKA  | ^CN=(.*?), OU=(.*?)$   | $1            | kafka-server1

This is a simple option and handles most of the common use cases.
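As an added illustration (not part of this proposal and not Kafka's code), the following Python model applies the pattern/value pairs above to a distinguished name and shows how the $n placeholders are filled from the regex capture groups. The rule list, the sample DNs, full-string matching, first-match-wins ordering, and leaving an unmatched DN unchanged are all assumptions of this model, not statements from the page.

```python
import re

# Constructed rule list mirroring the pattern/value examples on the page.
# Each tuple is (ssl.principal.mapping.pattern, ssl.principal.mapping.value).
EXAMPLE_RULES = [
    (r"^CN=(.*?),OU=ServiceUsers.*$", "$1"),
    (r"^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$", "$1@$2"),
    (r"^CN=(.*?), OU=(.*?)$", "$1@$2"),
]

# "$1", "$2", ... in the value string refer to capture groups of the pattern.
_PLACEHOLDER = re.compile(r"\$(\d+)")


def map_principal(dn, pattern, value):
    """Apply one pattern/value pair to a distinguished name.

    Returns the substituted value if the pattern matches the whole DN,
    otherwise None.  Full-string matching is an assumption of this model:
    a pattern without anchors still has to account for the entire DN, so
    a rule cannot silently match only a prefix of the identity.
    """
    match = re.fullmatch(pattern, dn)
    if match is None:
        return None

    def expand(placeholder):
        index = int(placeholder.group(1))
        # Refuse a value that names a group the pattern does not have,
        # rather than emitting an empty or partial principal.
        if index < 1 or index > match.re.groups:
            raise ValueError(
                f"value refers to group ${index}, but pattern {pattern!r} "
                f"has only {match.re.groups} group(s)")
        return match.group(index)

    return _PLACEHOLDER.sub(expand, value)


def map_with_rules(dn, rules):
    """Try rules in order; the first pattern that matches decides the principal.

    If nothing matches, the DN is returned unchanged.  That fallback is an
    assumption of this model; the page does not specify it.
    """
    for pattern, value in rules:
        mapped = map_principal(dn, pattern, value)
        if mapped is not None:
            return mapped
    return dn


if __name__ == "__main__":
    # Constructed sample DNs, chosen to exercise each rule and the fallback.
    for sample in [
        "CN=svc-producer,OU=ServiceUsers,DC=Company",
        "CN=userName, OU=OrgUnit, O=Company, L=City, ST=State, C=US",
        "CN=kafka-server1, OU=KAFKA",
        "CN=userName, OU=OrgUnit, DC=Company",
        "CN=localhost",
    ]:
        print(f"{sample!r} -> {map_with_rules(sample, EXAMPLE_RULES)!r}")
```

Two things the model makes visible that are easy to miss when reading the patterns: a lazy group placed right before `$`, as in `^CN=(.*?), OU=(.*?)$`, still has to consume everything up to the end of the string, so "CN=userName, OU=OrgUnit, DC=Company" maps to "userName@OrgUnit, DC=Company" rather than "userName@OrgUnit"; and any rule that keeps only some components (for example "$1" alone) maps every DN that differs only in the dropped components to the same principal, so the pattern should be as specific as the certificate naming scheme allows if those DNs are meant to stay distinct.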

...