2.2.1. Creating Rules

To accomodate more complex translations, you can create a hierarchical set of rules to add to the default. Each rule is divided into three parts: base, filter, and substitution.

  • The Base:

    The base begins with the number of components in the principal name (excluding the realm), followed by a colon, and the pattern for building the username from the sections of the principal name. In the pattern section $0 translates to the realm, $1 translates to the first component and $2 to the second component.

    For example:

    [1:$1@$0] translates myusername@APACHE.ORG to myusername@APACHE.ORG

    [2:$1] translates myusername/admin@APACHE.ORG to myusername

    [2:$1%$2] translates myusername/admin@APACHE.ORG to “myusername%admin

  • The Filter:

    The filter consists of a regex in a parentheses that must match the generated string for the rule to apply.

    For example:

    (.*%admin)matches any string that ends in %admin

    (.*@SOME.DOMAIN) matches any string that ends in @SOME.DOMAIN

  • The Substitution:

    The substitution is a sed rule that translates a regex into a fixed string.

    For example:

    s/@ACME\.COM// removes the first instance of @SOME.DOMAIN.

    s/@[A-Z]*\.COM// removes the first instance of @ followed by a name followed by COM.

    s/X/Y/g replaces all of the X in the name with Y


loading table of contents...