File-based Name Mapping
GridShib Beta implements a file-based name mapping at the IdP. (A name mapping file is similar in concept to the grid-mapfile at the Grid SP.) Each row in the name mapping file includes an RFC 2253-conformant DN string and a principal name, separated by one or more whitespace characters. Quoted or unquoted forms (in either data element) are permitted. In a quoted form, the escape character is the familiar backslash character (\).
Blank lines and comments are permitted in the name mapping file. A comment is any line whose first non-whitespace character is the octothorp (#).
The implementation uses regular expressions to parse a name mapping file. The following rules are used to parse the file:
- Blank lines and comments are ignored.
- Each remaining line of the file consists of two whitespace-separated fields: the DN and the principal name (in that order).
- Each of the two input fields is either a QUOTED_FORM or an UNQUOTED_FORM.
- An UNQUOTED_FORM is a contiguous sequence of one or more non-whitespace characters.
- A QUOTED_FORM is an arbitrary sequence of characters delimited by doublequote characters.
- Inside a QUOTED_FORM, every character is interpreted literally except the doublequote character and the backslash character. The latter is the escape character.
- A literal doublequote character must be escaped with a backslash.
- A literal backslash character must also be escaped with a backslash (i.e., a "double backslash").
- An escaped character other than doublequote or backslash is equivalent to the corresponding unescaped character.
- A QUOTED_FORM may be preceded by zero or more whitespace characters.
A simple example of a name mapping file is distributed along with GridShib Beta.
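The parsing rules above can be exercised with a short regular-expression parser. This is an added example, not GridShib's own code; the function names and the sample entries are constructed here, and it assumes that a field beginning with a doublequote is always a QUOTED_FORM and that any line that does not yield exactly two fields is rejected rather than guessed at.

```python
import re

# One field: QUOTED_FORM (group 1) or UNQUOTED_FORM (group 2).
# Assumption: a field that starts with a doublequote is always a QUOTED_FORM,
# so an unterminated quote is an error rather than an unquoted token.
FIELD = r'(?:"((?:[^"\\]|\\.)*)"|([^\s"]\S*))'
LINE = re.compile(r'\s*' + FIELD + r'\s+' + FIELD + r'\s*')


def unescape(body):
    """Backslash-X becomes X for any X (doublequote and backslash included)."""
    return re.sub(r'\\(.)', r'\1', body)


def parse_name_mapping(text):
    """Return [(dn, principal), ...]; raise ValueError on a malformed line."""
    pairs = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue  # blank lines and comments are ignored
        m = LINE.fullmatch(line)
        if m is None:  # wrong field count, unterminated quote, trailing junk
            raise ValueError(f'line {lineno}: malformed entry: {line!r}')
        q_dn, u_dn, q_name, u_name = m.groups()
        dn = unescape(q_dn) if q_dn is not None else u_dn
        name = unescape(q_name) if q_name is not None else u_name
        pairs.append((dn, name))
    return pairs


# Constructed sample input (not the file shipped with GridShib Beta).
SAMPLE = r'''
# DN                                  principal
CN=alice,O=Example,C=US               alice
"CN=Bob Smith,O=Example,C=US"         bob
  "CN=Smith\\, John,O=Example"        "john smith"
"CN=Smith\, Jane,O=Example"           jane
'''

if __name__ == '__main__':
    for dn, name in parse_name_mapping(SAMPLE):
        print(f'{name!r:14} <- {dn!r}')
```

The last two sample rows show the two escaping layers interacting: an RFC 2253 escape such as `\,` survives only if its backslash is doubled inside the QUOTED_FORM, otherwise the file-level unescaping strips it and the entry maps a different DN. A DN containing spaces must be quoted, since unquoted it splits into more than two fields and is rejected.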