[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Regular expressions in access control lists (ACLs)



Kurt D. Zeilenga writes:
>At 05:36 AM 4/2/99 +0200, Hallvard B Furuseth wrote:
>>People,
>>
>>do you use regular expressions in ACLs in slapd.conf, as in
>>	(cn=John|Abel)*,o=somewhere
> 
> One of my personal favorite (...)

Damn.  That was more useful than I'd hoped for...


>> Regular expressions in ACLs are bug-prone because
>> - they can't handle DNs that contain both case-sensitive and
>>   case-insensitive attributes,
> 
> DN, itself, is case insensitive string.

What do you mean?  If I have the
	attribute  id  ces
in slapd.conf, should 'id=AA,o=UiO' match 'id=aa,o=UiO'?


>>   The ACL won't work properly when that's
>>   done wrong - unless the ACL already matches the DN's normalized form.
> 
> The fact that a some folks cannot write a regex to match a normalized
> DN is poor reason to remove the functionality used by others.

OK.

-- 
Hallvard