There seems to be a typo in the example given for auth_to_local in the admin guide. The example there contains a regex that will never match based on the rewrite.

    RULE:[2:$2](^.*;root)s/^.*$/root/

This was probably meant to be

    RULE:[2:$2](^.*root)s/^.*$/root/

I think one semicolon may have got loose, and snuck in from the example directly above:

    RULE:[2:$1;$2](^.*;admin$)s/;admin$//
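
A simplified model of how rules of this form are evaluated, run against the three rules quoted in the report (an added example, not part of the original report and not krb5 code). It assumes Python's `re` in place of POSIX regular expressions, no escaping in principal names, and constructed principals in the realm EXAMPLE.COM; `apply_rule` is a hypothetical helper.

```python
import re

# RULE:[n:format](regexp)s/pattern/replacement/[g]
RULE_RE = re.compile(
    r"^RULE:\[(\d+):([^\]]*)\]"      # [n:format]
    r"(?:\((.*)\))?"                 # optional (regexp) filter
    r"(?:s/([^/]*)/([^/]*)/(g?))?$"  # optional sed-style substitution
)

def apply_rule(rule, principal):
    """Return the local name the rule yields, or None if it does not apply."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("unsupported rule syntax: " + rule)
    n, fmt, regexp, pat, repl, glob = m.groups()
    name, _, realm = principal.partition("@")
    parts = [realm] + name.split("/")        # $0 = realm, $1.. = components
    if len(parts) - 1 != int(n):
        return None                          # wrong number of components
    # Build the string the regexp is tested against, e.g. "$1;$2" -> "joe;admin".
    selected = re.sub(r"\$(\d)", lambda d: parts[int(d.group(1))], fmt)
    if regexp is not None and re.search(regexp, selected) is None:
        return None                          # filter did not match
    if pat is None:
        return selected
    return re.sub(pat, lambda _m: repl, selected, count=0 if glob else 1)

AS_PUBLISHED = "RULE:[2:$2](^.*;root)s/^.*$/root/"
AS_PROPOSED = "RULE:[2:$2](^.*root)s/^.*$/root/"
PRECEDING = "RULE:[2:$1;$2](^.*;admin$)s/;admin$//"

def demo():
    """Evaluate each rule on constructed principals."""
    return {
        # "$2" alone never contains ';', so the published filter cannot match.
        "published, joe/root": apply_rule(AS_PUBLISHED, "joe/root@EXAMPLE.COM"),
        "proposed, joe/root": apply_rule(AS_PROPOSED, "joe/root@EXAMPLE.COM"),
        # ".*" accepts any prefix, so a component ending in "root" also maps.
        "proposed, joe/notroot": apply_rule(AS_PROPOSED, "joe/notroot@EXAMPLE.COM"),
        # The preceding rule builds "$1;$2", which is where ';' is meaningful.
        "preceding, joe/admin": apply_rule(PRECEDING, "joe/admin@EXAMPLE.COM"),
        "preceding, joe/root": apply_rule(PRECEDING, "joe/root@EXAMPLE.COM"),
    }

if __name__ == "__main__":
    for case, local in demo().items():
        print(f"{case:24} -> {local}")
```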