
differences between classic perl and LDAP perl in ACL resolution ??



Hi,

I am trying to use a regex to resolve ACL problems, but my tests fail.

Here is an extract of my slapd-acl.conf (which is included in my
slapd.conf file):

==============================
access     to dn="alias=(.+)@(.*)(\.)([^\.]+),ou=Mail Alias,o=Naonet
Company,c=fr"
                                             ^^^^^^^^^^^
                by group="cn=Administrateur,ou=Administration
Group,o=Naonet Company,c=fr" write
                by group="cn=$2-$4 Administrateur,ou=Domain
Administration Group,ou=Administration Group,o=Naonet Company,c=fr"
write
                                       ^^^^^
                by dnattr=owner write
                by dn="cn=Mail Alias Server,o=Naonet Company,c=fr" read
                by * none
===============================

I just want to analyse an alias name like "test@domain.fr" and get
"domain" and "fr" to control access with the "cn=domain-fr
Administrateur,ou=Domain Admin...." group.

But I can't do that. When I execute a Perl script with this
regex it works fine, but when I look at the debug file of the LDAP
server, there is a problem.

Here is my perl test :

================================
#!/usr/bin/perl -w

use strict;

my $texte = 'test@domain.fr';

if ($texte =~ /(.+)@(.*)(\.)([^\.]+)/) {
  print "\$1 = $1 \$2 = $2 \$3 = $3 \$4 = $4\n";
}
[root@dvlpt naonet]# perl test.pl
$1 = test $2 = domain $3 = . $4 = fr
=================================

The result is exactly what I want for $2 and $4.

But with the debug file:
=================================
=> dnpat: [11] ALIAS=(.+)@(.*)(.)([^.]+),OU=MAIL ALIAS,O=NAONET
COMPANY,C=FR nsub: 4
                                               ^^^^^^^^^
=> acl_get: [11] global ACL match
=> acl_get: [11] check attr
<= acl_get: [11] global acl alias=Daniel.Pierrat@naonet.fr,ou=Mail
Alias, o=Naonet Company,c=fr attr: objectclass
  ^
^^^^^^^
[...]

=> string_expand: pattern:  CN=$2-$4 ADMINISTRATEUR,OU=DOMAIN
ADMINISTRATION GROUP,OU=ADMINISTRATION GROUP,O=NAON
ET COMPANY,C=FR
                                                  ^^^^^
=> string_expand: expanded: CN=NAONET.-R ADMINISTRATEUR,OU=DOMAIN
ADMINISTRATION GROUP,OU=ADMINISTRATION GROUP,O=
NAONET COMPANY,C=FR
                                                     ^^^^^^^^^^^
==================================

Can someone help me and tell me whether OpenLDAP has a different
interpretation of a Perl regex?

thanks, Manu.
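
Added example, not part of the original post: the dnpat debug line above shows the pattern without its backslashes, so this Perl script runs the pattern as written in slapd-acl.conf and the pattern as logged against the same DN and expands the group template for each. The upper-cased DN is constructed from the entry DN in the log, the expand() helper is hypothetical, and the third pattern (a bracket expression `[.]` instead of `\.`) is a suggested backslash-free spelling, not something from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: the entry DN from the debug output, upper-cased the way
# the logged pattern and expansion appear.
my $dn = 'ALIAS=DANIEL.PIERRAT@NAONET.FR,OU=MAIL ALIAS,O=NAONET COMPANY,C=FR';

# Group template from the ACL, as shown by string_expand (shortened suffix kept as logged).
my $group = 'CN=$2-$4 ADMINISTRATEUR,OU=DOMAIN ADMINISTRATION GROUP,'
          . 'OU=ADMINISTRATION GROUP,O=NAONET COMPANY,C=FR';

my $suffix = ',OU=MAIL ALIAS,O=NAONET COMPANY,C=FR';

# Single-quoted strings keep the backslashes exactly as typed.
my @cases = (
    [ 'as written in slapd-acl.conf', 'ALIAS=(.+)@(.*)(\.)([^\.]+)' . $suffix ],
    [ 'as logged by dnpat',           'ALIAS=(.+)@(.*)(.)([^.]+)'    . $suffix ],
    [ 'bracket form (suggestion)',    'ALIAS=(.+)@(.*)([.])([^.]+)'  . $suffix ],
);

# Hypothetical helper: replace $1..$9 in the template with the captured
# substrings, which is what the string_expand debug lines show slapd doing.
sub expand {
    my ($template, @caps) = @_;
    $template =~ s/\$(\d)/$caps[$1 - 1] \/\/ ''/ge;
    return $template;
}

# Returns [label, $2, $4, expanded group DN] for every pattern that matches.
sub run_cases {
    my @results;
    for my $case (@cases) {
        my ($label, $pat) = @$case;
        my @caps = $dn =~ /$pat/ or next;
        push @results, [ $label, $caps[1], $caps[3], expand($group, @caps) ];
    }
    return @results;
}

for my $r (run_cases()) {
    printf "%-30s \$2=%-8s \$4=%-3s\n    %s\n", @$r;
}
```

With an unescaped `.` in the third group, the greedy `(.*)` absorbs the literal dot and `(.)` takes the first letter of the top-level domain, which is how the `NAONET.-R` group name in the string_expand output arises; the ACL then checks membership in a group that does not correspond to the intended domain.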