[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: LDAP Access Control

To: openldap-software@OpenLDAP.org
Subject: RE: LDAP Access Control
From: "Ace Suares" <ace@suares.com>
Date: Thu, 19 Sep 2002 22:24:15 -0400
Content-description: Mail message body
In-reply-to: <NMEFLNHODBAOPDKNNJALCEONDNAA.hyc@symas.com>
References: <1032462925.6967.108.camel@billy.demon.nl>

> Remember that regexp matches are "greedy" - a pattern will go for the longest
> possible match in a string. So a pattern "cn=.*,ou=foo" will match
> 	cn=joe,ou=sub,dc=xyz,ou=foo
> 	cn=bob,ou=foo
> 	cn=,ou=foo
> etc...


Thanks, Howard. It was exactly the greediness that I was asking 
about in a previous mail. 

I'am not so concerned about matching for instance
cn=joe,ou=sub,dc=xyz,ou=foo
but I am concerned about *not* matching
cn=Suares, Ace,ou=foo

That's why the question was: is it allowed to have a , or an =
between cn= and ,ou=foo !

Probably the answer is in a FAQ or manual where it states which 
characters are allowed - but haven't found that yet.

Another question that still lays around is if it is possible to use 
ACL's to restrict the creation of certain records.
I think it's not. Is this a feature that is likely to be given any 
thought by the developers ?

_ace.

Follow-Ups:
- RE: LDAP Access Control
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: LDAP Access Control
  - From: Tony Earnshaw <tonni@billy.demon.nl>
- RE: LDAP Access Control
  - From: "Howard Chu" <hyc@symas.com>

Prev by Date: Re: ldap_search returning protocol error?
Next by Date: LDAP_PARAM_ERROR sometimes under multithread environment
Index(es):
- Chronological
- Thread