[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Another 2.2.23 oddity




On 6 Oct 2005, at 10:07, Pierangelo Masarati wrote:

I guess you're using some ACL that performs "regex" patch on a pattern
computed using submatches;

Ahah. Well spotted :)

if this is the case, the second regex matching
interprets the brackets in the value as part of the pattern. submatches
may need regex-escaping before being used in buildning patterns for
further regex matching, unless building submatch-dependent patterns is
intended.


A sample of your access rules would be of help.

access to dn.regex="cn=(.*),cn=(.*),ou=users,dc=foo" filter= (visibility=private)
by dn.regex="cn=$2,ou=users,dc=foo" write
by * none


access to dn.regex="cn=(.*),cn=(.*),ou=users,dc=foo" filter= (visibility=friends)
by dn.regex="cn=$2,ou=users,dc=foo" write
by group/gameUser/friend.expand="cn=$2,ou=users,dc=foo" read
by * none


access to dn.regex="cn=(.*),cn=(.*),ou=users,dc=foo" filter= (visibility=public)
by dn.regex="cn=$2,ou=users,dc=foo" write
by * read


the key bits of custom schema...

objectClass ( 1.3.6.1.4.1.4203.666.20.5
        NAME 'gameUser''
        SUP organizationalRole STRUCTURAL
        MUST ( cn )
        MAY ( role $ friend $ tag $ reminder $ confirmed )
        )

objectClass ( 1.3.6.1.4.1.4203.666.20.6
        NAME 'userAttr'
        SUP top STRUCTURAL
        MUST ( cn $ value $ visibility )
        )