[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OID syntax and NAMEs

Howard Chu wrote:
> Michael Ströder wrote:
>> Eventual I'd like to have a constraint like this:
>> # check whether appropriate password policy is assigned
>> constraint_attribute structuralObjectClass,pwdPolicySubentry
>>   set "this/structuralObjectClass & this/pwdPolicySubentry/aeApplicableSOC"
> Not possible without custom code.

Hmm, are this/structuralObjectClass and this/pwdPolicySubentry generally
unusable in set-constraints?

Or does it not work because of the different matching rules?

I'm asking because this constraint is not applied at all (with aeApplicableSOC
declared as IA5 String, lines wrapped in the e-mail):

constraint_attribute pwdPolicySubentry
  set "this/pwdPolicySubentry & ([ldap:///{{ aedir_suffix }}?entryDN?sub?
       (&(objectClass=aePolicy)(aeStatus=0)(aeApplicableSOC=] +
       this/structuralObjectClass + [))]/entryDN)"

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature