[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: group.regex doesn't do regex (ITS#2788)
Dear Kurt,
Thank you for your prompt reply on this ITS that I only submitted few hours
ago. I really appreciate that.
> As noted on the software list, group.regex takes a replacement
> string where replacements are made based upon a previously
> evaluated regular name. The document in HEAD (and, IIRC, 2.2)
> has been clarified.
Good.
>
> >If the argument is a regex, the by
> >clause will be dropped without an error (i.e. when reading the
> > configuration file, no errors are triggered, and when using the clause
> > while looking up access, it is silently dropped with no trace in the
> > logfiles (with spald -d 128)
>
> Most skipping of by clauses is not logged. You're welcomed to
> submit a patch to provide more logging.
If I could do that I wouldn't write an ITS but submit a patch. Not everybody
is a C programmer. I do hope I can make other contributions to OpenLDAP
though, as the software is vary valuable from me since 1999 or so when I
started using qmail-ldap.
>
> I personally don't think it makes sense to support a regex here
> as there is no reasonable string known to be associated with the
> subject to be the target of the regex.
Pesronally, I had the following in mind:
access to somedn
by group.regex="qGroup=.*,qDomain=suares.an,qApp=qwido"
this would give access to all members of all groups under qDomain=suares.an
and this is a serious consideration on my side, since groups can have members
that come from anyplace inside the tree, so a simple regex for all members of
all groups could not exist.
>
> Hence, I'm inclined to reject your request.
>
> Kurt
I am thus inclined to disagree with your inclination to reject this request.
_Ace
--
website: http://www.suares.nl * http://www.qwikzite.nl