[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: LDAP Access Control

To: openldap-software@OpenLDAP.org
Subject: RE: LDAP Access Control
From: "Ace Suares" <ace@suares.com>
Date: Thu, 19 Sep 2002 23:40:59 -0400
Content-description: Mail message body
In-reply-to: <5.1.0.14.0.20020919194508.03f86e18@127.0.0.1>
References: <3D8A4E8F.2176.77C369@localhost>

Kurt !

Thanks so much for pointing this out.

My eminent ACL entry in the faq is getting more shape now ;-)

> At 07:24 PM 2002-09-19, Ace Suares wrote:
> >I'am not so concerned about matching for instance
> >cn=joe,ou=sub,dc=xyz,ou=foo
> >but I am concerned about *not* matching
> >cn=Suares, Ace,ou=foo
> 
> That's actually an invalid DN.  I assume you mean:
>   cn=Suares\, Ace,ou=foo
> 
> In 2.1, this DN has the normalized form:
>   cn=suares\2c ace,ou=foo


So, in 2.0 or earlier, the [^,]+ *is* matching the wrong things.

Thanks so much for this clarification.

still 2 to go:

What about the = character ?

And how about restricting the creation of certain entries by ACL ?


Many greetings,
Ace

Follow-Ups:
- RE: LDAP Access Control
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- RE: LDAP Access Control
  - From: "Ace Suares" <ace@suares.com>
- RE: LDAP Access Control
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: program compiling LDAP
Next by Date: Problem with high-bit characters
Index(es):
- Chronological
- Thread