[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: LDAP Access Control

> Remember that regexp matches are "greedy" - a pattern will go for the longest
> possible match in a string. So a pattern "cn=.*,ou=foo" will match
> 	cn=joe,ou=sub,dc=xyz,ou=foo
> 	cn=bob,ou=foo
> 	cn=,ou=foo
> etc...

Thanks, Howard. It was exactly the greediness that I was asking 
about in a previous mail. 

I'am not so concerned about matching for instance
but I am concerned about *not* matching
cn=Suares, Ace,ou=foo

That's why the question was: is it allowed to have a , or an =
between cn= and ,ou=foo !

Probably the answer is in a FAQ or manual where it states which 
characters are allowed - but haven't found that yet.

Another question that still lays around is if it is possible to use 
ACL's to restrict the creation of certain records.
I think it's not. Is this a feature that is likely to be given any 
thought by the developers ?