
Regular expressions in access control lists (ACLs)



People,

do you use regular expressions in ACLs in slapd.conf, as in
	(cn=John|Abel)*,o=somewhere
?


I think this support ought to be replaced with normal `cn=*,o=somewhere'
syntax and some sort of groups of names.
Regular expressions in ACLs are bug-prone because

- they can't handle DNs that contain both case-sensitive and
  case-insensitive attributes,

- it's hard to "normalize" a regular expression matching a DN (e.g.
  remove spaces in front of the "," between RDNs, convert to uppercase
  when necessary, and so on).  The ACL won't work properly when that's
  done wrong - unless the ACL already matches the DN's normalized form.

-- 
Hallvard
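
The normalization mismatch described in the message above, as an added example that is not part of the original post and is not OpenLDAP code: a regular-expression ACL applied verbatim to a DN stops matching once the DN is normalized, while a comparison that normalizes both sides keeps matching. The normalizer, the function names, the patterns and the DNs are all constructed for illustration; the normalizer is a simplified stand-in that uppercases every value.

```python
import re

def normalize_dn(dn):
    """Simplified stand-in for server-side DN normalization (assumption):
    trim spaces around ',' and '=', and uppercase everything. A real server
    would uppercase only the values of case-insensitive attributes."""
    rdns = []
    for rdn in dn.split(","):  # constructed DNs contain no escaped commas
        attr, _, value = rdn.partition("=")
        rdns.append(attr.strip().upper() + "=" + value.strip().upper())
    return ",".join(rdns)

def regex_acl_matches(pattern, dn):
    """Regex ACL: the pattern is applied verbatim to the DN string it is given."""
    return re.fullmatch(pattern, dn) is not None

def group_acl_matches(names, suffix, dn):
    """Non-regex alternative in the spirit of the post: normalize both sides,
    then compare the first RDN against a set of names and the rest against
    a fixed suffix."""
    first, _, rest = normalize_dn(dn).partition(",")
    attr, _, value = first.partition("=")
    allowed = {name.strip().upper() for name in names}
    return attr == "CN" and value in allowed and rest == normalize_dn(suffix)

# Constructed sample data.
ACL_AS_WRITTEN = r"cn=(John|Abel),o=somewhere"   # matches the un-normalized form
ACL_NORMALIZED = r"CN=(JOHN|ABEL),O=SOMEWHERE"   # matches the normalized form
CLIENT_DN = "cn=John , o=somewhere"              # space in front of the ","

if __name__ == "__main__":
    normalized = normalize_dn(CLIENT_DN)
    print("normalized DN:          ", normalized)
    print("as-written vs raw:      ", regex_acl_matches(ACL_AS_WRITTEN, CLIENT_DN))
    print("as-written vs normalized:", regex_acl_matches(ACL_AS_WRITTEN, normalized))
    print("normalized vs normalized:", regex_acl_matches(ACL_NORMALIZED, normalized))
    print("name set + suffix:      ",
          group_acl_matches(["John", "Abel"], "o=somewhere", CLIENT_DN))
```
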