[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: about frequently used ACLs

To: <openldap-devel@OpenLDAP.org>
Subject: Re: about frequently used ACLs
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Wed, 18 Feb 2004 17:53:09 +0100 (CET)
Importance: Normal
In-reply-to: <54555.131.175.154.56.1077090929.squirrel@webmail.sys-net.it>
References: <54555.131.175.154.56.1077090929.squirrel@webmail.sys-net.it>

>
> dn.{onelevel,subtree,children},ava[,multivalued] \
>         =<attr>;<pattern>

The ";" between <attr> and <pattern>
is ambiguous, although attribute options
are explicitly forbidden in RDN AVAs.
A "%" or a "/" could be used instead.

If implemented via ldap_bv2rdn(),
this could also avoid ambiguous,
although pathological, cases,
where a

dn.regex="commonName=[^,]+,dc=example,dc=com" (1)

would not match a DN like

"commonName=Foo,dc=example,dc=com" (2)

because dnNormalize() on (2) before regexec
with (1) would turn (1) into

"cn=Foo,dc=example,dc=com" (3)

Subtyping could be allowed as well,
possibly by means of a further modifier.

Ando.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

References:
- about frequently used ACLs
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: about frequently used ACLs
Next by Date: Guide CVS broken
Index(es):
- Chronological
- Thread