[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL regex and attribute value
Emmanuel Dreyfus wrote:
Helo
Is the kind of ACL below supported?
access to dn.regex="^uid=.+,(ou=.+),o=org$" attrs=foo val.regex="^(.*)$"
by ...
I expect $1 to hold ou=whatever and $2 to hold attribute foo value that
gets modified. I have trouble to get it working, and I wonder if
1) are $<digit> supported in val.regex ?
No, AFAIK.
2) is it allowed touse $<digit> with multiples regex? Ot will the values
gathered by the last match overwrite the first one?
You should define its meaning. If val.regex were to support submatches,
I don't see anything preventing slapd from considering the various bits
of the <what> part as a single, ordered source of submatches to be used
in the <by> clause. You should be aware, however, that the ordering of
<what> (and <by>) patterns is hardcoded, and they get re-sorted
internally. For example, you could write
access to dn.regex="^uid=.+,(ou=.+),o=org$" attrs=foo val.regex="^(.*)$"
or
access to attrs=foo val.regex="^(.*)$" dn.regex="^uid=.+,(ou=.+),o=org$"
and they would be represented exactly the same in the ACL data
structure. As such, determining what's $1 and what's $2 would need to
be predefined, and not based on how you typed it in your rule.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------