[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: LDAP Access Control



At 07:24 PM 2002-09-19, Ace Suares wrote:
>I'am not so concerned about matching for instance
>cn=joe,ou=sub,dc=xyz,ou=foo
>but I am concerned about *not* matching
>cn=Suares, Ace,ou=foo

That's actually an invalid DN.  I assume you mean:
  cn=Suares\, Ace,ou=foo

In 2.1, this DN has the normalized form:
  cn=suares\2c ace,ou=foo

So,
  ([^,]+),ou=foo

will match only entries directly under ou=foo.  That is,
the only unescaped commas in normalized DNs are RDN
separators.

(Note that hexpair escaping actually makes matching
commas in values easier in general... because you don't
have to deal with escaped backslash characters.)

Kurt