[Date Prev][Date Next]
Regular expressions in access control lists (ACLs)
do you use regular expressions in ACLs in slapd.conf, as in
I think this support ought to be replaced with normal `cn=*,o=somewhere'
syntax and some sort of groups of names.
Regular expressions in ACLs are bug-prone because
- they can't handle DNs that contain both case-sensitive and
- it's hard to "normalize" a regular expression matching a DN (e.g.
remove spaces i front of the "," between RDNs, convert to uppercase
when necessary, and so on). The ACL won't work properly when that's
done wrong - unless the ACL already matches the DN's normalized form.