[Date Prev][Date Next] [Chronological] [Thread] [Top]

Regular expressions in access control lists (ACLs)


do you use regular expressions in ACLs in slapd.conf, as in

I think this support ought to be replaced with normal `cn=*,o=somewhere'
syntax and some sort of groups of names.
Regular expressions in ACLs are bug-prone because

- they can't handle DNs that contain both case-sensitive and
  case-insensitive attributes,

- it's hard to "normalize" a regular expression matching a DN (e.g.
  remove spaces i front of the "," between RDNs, convert to uppercase
  when necessary, and so on).  The ACL won't work properly when that's
  done wrong - unless the ACL already matches the DN's normalized form.