[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3780) val.regex with attributes doesn't honor searches

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3780) val.regex with attributes doesn't honor searches
From: ando@sys-net.it
Date: Sat, 25 Jun 2005 09:16:55 GMT

Quanah,

it is unclear to me what access privilege should be granted if the value 
of the attribute does not match the indicated regex pattern.  In any 
case, to allow substring filtering, one needs to allow search access to 
any value of a given type.  This definitely makes sense, I think, 
because when filtering takes place, the entry is not available yet, 
while the value of a substrings filter is supposed to be incomplete.  So 
having

access to attrs=type val.regex=pattern
    by someone read
access to attrs=type
    by someone search

seems to be the required approach.

In principle, we could allow more granularity to the "search" privilege, 
to allow addressing presence, exact, substring(, approx?, ordering?) and 
so on.  But this would need discussing it on -devel.

p.


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Prev by Date: Re: (ITS#3796) slapd core on slapcat -b cn=conf
Next by Date: Re: (ITS#3796) slapd core on slapcat -b cn=conf
Index(es):
- Chronological
- Thread