[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL regex and attribute value

Emmanuel Dreyfus wrote:

Is the kind of ACL below supported?
access to dn.regex="^uid=.+,(ou=.+),o=org$" attrs=foo val.regex="^(.*)$"
  by ...

I expect $1 to hold ou=whatever and $2 to hold attribute foo value that
gets modified. I have trouble to get it working, and I wonder if
1) are $<digit> supported in val.regex ?


2) is it allowed touse $<digit> with multiples regex? Ot will the values
gathered by the last match overwrite the first one?

You should define its meaning. If val.regex were to support submatches, I don't see anything preventing slapd from considering the various bits of the <what> part as a single, ordered source of submatches to be used in the <by> clause. You should be aware, however, that the ordering of <what> (and <by>) patterns is hardcoded, and they get re-sorted internally. For example, you could write

access to dn.regex="^uid=.+,(ou=.+),o=org$" attrs=foo val.regex="^(.*)$"


access to attrs=foo val.regex="^(.*)$" dn.regex="^uid=.+,(ou=.+),o=org$"

and they would be represented exactly the same in the ACL data structure. As such, determining what's $1 and what's $2 would need to be predefined, and not based on how you typed it in your rule.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it