Re: Another 2.2.23 oddity

[Mike Whitaker <mike@mindcandydesign.com>]

On 6 Oct 2005, at 10:07, Pierangelo Masarati wrote:

> I guess you're using some ACL that performs "regex" patch on a pattern
> computed using submatches;

Ahah. Well spotted :)

> if this is the case, the second regex matching
> interprets the brackets in the value as part of the pattern.   
> submatches
> may need regex-escaping before being used in buildning patterns for
> further regex matching, unless building submatch-dependent patterns is
> intended.
>
> A sample of your access rules would be of help.

access to dn.regex="cn=(.*),cn=(.*),ou=users,dc=foo" filter= 
(visibility=private)
     by dn.regex="cn=$2,ou=users,dc=foo" write
     by * none

access to dn.regex="cn=(.*),cn=(.*),ou=users,dc=foo" filter= 
(visibility=friends)
     by dn.regex="cn=$2,ou=users,dc=foo" write
     by group/gameUser/friend.expand="cn=$2,ou=users,dc=foo" read
     by * none

access to dn.regex="cn=(.*),cn=(.*),ou=users,dc=foo" filter= 
(visibility=public)
     by dn.regex="cn=$2,ou=users,dc=foo" write
     by * read

the key bits of custom schema...

objectClass ( 1.3.6.1.4.1.4203.666.20.5
        NAME 'gameUser''
        SUP organizationalRole STRUCTURAL
        MUST ( cn )
        MAY ( role $ friend $ tag $ reminder $ confirmed )
        )

objectClass ( 1.3.6.1.4.1.4203.666.20.6
        NAME 'userAttr'
        SUP top STRUCTURAL
        MUST ( cn $ value $ visibility )
        )