[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: acl again

To: Pierangelo Masarati <masarati@aero.polimi.it>
Subject: Re: acl again
From: Stig Venaas <Stig@OpenLDAP.org>
Date: Sat, 10 Nov 2001 13:38:49 +0100
Cc: dietzold@imise.uni-leipzig.de, openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <200111081656.fA8GudQ05333@server.aero.polimi.it>; from masarati@aero.polimi.it on Thu, Nov 08, 2001 at 05:56:38PM +0100
References: <Pine.GSO.4.40.0111081743400.29376-100000@fink> <200111081656.fA8GudQ05333@server.aero.polimi.it>
User-agent: Mutt/1.2.5i

On Thu, Nov 08, 2001 at 05:56:38PM +0100, Pierangelo Masarati wrote:
> > 
> > Hi there,
> > 
> > ok, the main wattles about regex i check, but why does this rule dont
> > work?
> > 
> > ---
> > access to dn="(dc=[^,]+,)*(dc=[^,]+)$"
> > 	by group/organizationalRole/roleOccupant="cn=Domain Administrator, ou=Roles, $1 $2" write
> 
> Before going into details, remember that ACLs and significantly regexes
> operate on NORMALIZED DNs, so you'd write:
> 
> 
> access to dn="(dc=[^,]+,)*(dc=[^,]+)$"
>     by group/organizationalRole/roleOccupant="cn=Domain Administrator,ou=Roles,$1$2" write
> 
> 
> without extra intervening spaces.

Maybe we should try to normalize that in the code when parsing the rule?
I should look into Unicode and ACLs, we need to decide what to try to
normalize though. Normalization and regexps are a bit awkward, even more
so when taking Unicode into account.

Stig

References:
- acl again
  - From: Sebastian Dietzold <dietzold@imise.uni-leipzig.de>
- Re: acl again
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

Prev by Date: Benchmark for OpenLDAP + Kerberos ?
Next by Date: Assertion `rw != ((void *)0)' failed.
Index(es):
- Chronological
- Thread