[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OID syntax and NAMEs

To: Howard Chu <hyc@symas.com>, openldap-technical@openldap.org
Subject: Re: OID syntax and NAMEs
From: Michael Ströder <michael@stroeder.com>
Date: Mon, 28 Nov 2016 22:12:55 +0100
In-reply-to: <09316149-d527-3c4b-9c7b-bd753fd29a5c@symas.com>
Openpgp: id=43C8730E84A20E560722806C07DC7AE36A8BC938
References: <1cb3d7ca-4353-82ed-cdb9-aa8b9f925311@stroeder.com> <WM!a14f00b92e4d4627b12052c977e72c1b5c5b863c0aa6d2823a3547eb230a749a0257c1304fe6a9779359beed766606f0!@mailstronghold-1.zmailcloud.com> <09316149-d527-3c4b-9c7b-bd753fd29a5c@symas.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 SeaMonkey/2.46

Howard Chu wrote:
> Michael Ströder wrote:
>> Eventual I'd like to have a constraint like this:
>>
>> # check whether appropriate password policy is assigned
>> constraint_attribute structuralObjectClass,pwdPolicySubentry
>>   set "this/structuralObjectClass & this/pwdPolicySubentry/aeApplicableSOC"
> 
> Not possible without custom code.

Hmm, are this/structuralObjectClass and this/pwdPolicySubentry generally
unusable in set-constraints?

Or does it not work because of the different matching rules?

I'm asking because this constraint is not applied at all (with aeApplicableSOC
declared as IA5 String, lines wrapped in the e-mail):

constraint_attribute pwdPolicySubentry
  set "this/pwdPolicySubentry & ([ldap:///{{ aedir_suffix }}?entryDN?sub?
       (&(objectClass=aePolicy)(aeStatus=0)(aeApplicableSOC=] +
       this/structuralObjectClass + [))]/entryDN)"

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- OID syntax and NAMEs
  - From: Michael Ströder <michael@stroeder.com>
- Re: OID syntax and NAMEs
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Ldap not reachable/tuning
Next by Date: Re: OID syntax and NAMEs
Index(es):
- Chronological
- Thread