[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Regular expressions in access control lists (ACLs)
Kurt D. Zeilenga writes:
>At 05:36 AM 4/2/99 +0200, Hallvard B Furuseth wrote:
>>People,
>>
>>do you use regular expressions in ACLs in slapd.conf, as in
>> (cn=John|Abel)*,o=somewhere
>
> One of my personal favorite (...)
Damn. That was more useful than I'd hoped for...
>> Regular expressions in ACLs are bug-prone because
>> - they can't handle DNs that contain both case-sensitive and
>> case-insensitive attributes,
>
> DN, itself, is case insensitive string.
What do you mean? If I have the
attribute id ces
in slapd.conf, should 'id=AA,o=UiO' match 'id=aa,o=UiO'?
>> The ACL won't work properly when that's
>> done wrong - unless the ACL already matches the DN's normalized form.
>
> The fact that a some folks cannot write a regex to match a normalized
> DN is poor reason to remove the functionality used by others.
OK.
--
Hallvard