[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: extended acl

At 02:21 PM 6/15/99 +0800, Ivan Leong wrote:
>yes, initial thoughts did fall on regex and $1..$9
>substitutions. but i wasn't sure slapd src code
>would relay the connection from ([^,]+) to the
>$1 substitution.
>other aspects of slapd's use of regex also
>worries me:
>   access to dn=.*,mail=([^,]+)
>won't the ".*" match the succeeding ","?

No, the expression requires that comma to be present.
Removing the ',' might have undesirable side effects

would match "mymail=foo".  Using a question operator
resolves that issue:

This of course, matches entries than
	access to dn=.*,mail=([^,]+)

>shouldn't all such cases of ".*" be replaced
>by "[^,]*"?

no. commas are allowed within certain attribute
values and is rdn deliminator.  I only use [^,]
in special cases (such as matching an email
address in the example of above).

>what abt "^" and "&" match begin line and end line?
You mean ^ and $, I assume.
>aren't they needed?

They might be... I'd have to read the code myself.  :-)
In fact, careful use of ^ and $ can enhance ACL