[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: group.regex doesn't do regex (ITS#2788)




Dear Kurt,

Thank you for your prompt reply on this ITS that I only submitted few hours 
ago. I really appreciate that.

> As noted on the software list, group.regex takes a replacement
> string where replacements are made based upon a previously
> evaluated regular name.   The document in HEAD (and, IIRC, 2.2)
> has been clarified.

Good.

>
> >If the argument is a regex, the by
> >clause will be dropped without an error (i.e. when reading the
> > configuration file, no errors are triggered, and when using the clause
> > while looking up access, it is silently dropped with no trace in the
> > logfiles (with spald -d 128)
>
> Most skipping of by clauses is not logged.  You're welcomed to
> submit a patch to provide more logging.

If I could do that I wouldn't write an ITS but submit a patch. Not everybody 
is a C programmer. I do hope I can make other contributions to OpenLDAP 
though, as the software is vary valuable from me since 1999 or so when I 
started using qmail-ldap.

>
> I personally don't think it makes sense to support a regex here
> as there is no reasonable string known to be associated with the
> subject to be the target of the regex.


Pesronally, I had the following in mind:

access to somedn
	by group.regex="qGroup=.*,qDomain=suares.an,qApp=qwido"

this would give access to all members of all groups under qDomain=suares.an
and this is a serious consideration on my side, since groups can have members 
that come from anyplace inside the tree, so a simple regex for all members of 
all groups could not exist.

>
> Hence, I'm inclined to reject your request.
>
> Kurt

I am thus inclined to disagree with your inclination to reject this request.

_Ace

-- 
website: http://www.suares.nl * http://www.qwikzite.nl