
Blacklists of simple values in LDAP attribute constraints overlay?



Hello,

I am searching for a way to add an LDAP constraint on attributes which
prevents setting specific values.
For example, I want to prevent the attribute "uid" from being equal to
(case-insensitive) "foo" or "bar".

Using the manpage from https://linux.die.net/man/5/slapo-constraint it
does not seem possible; I tried a lot of things like:

constraint_attribute uid set "this/uid & ([foo])"
constraint_attribute uid set "this/uid & [foo]"
constraint_attribute uid uri ldap:///dc=school,dc=local?forbidden?sub?(objectClass=forbiddenUsernames)
constraint_attribute uid regex ^[^f][^o][^o]*$

Even if they were working (they don't), I would need to reverse the whole
constraint because this would only allow me to add a whitelist while I
want to add a blacklist. (Best would be if I could just add a "!" before
the attribute constraint.)

I hope there is something which could help me.

Best regards
Florian

-- 
Florian Best
Open Source Software Engineer
 
Univention GmbH
be open
Mary-Somerville-Str.1
28359 Bremen
Tel.: +49 421 22232-0
Fax : +49 421 22232-99

best@univention.de
http://www.univention.de

Managing Director: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Tax No.: 71-597-02876
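
One way to express the blacklist asked about above as a single `regex` constraint, shown as an added example that is not part of the original post: the script generates a pattern that matches every value except the listed words in any letter case. It assumes the overlay's `regex` type takes a POSIX extended regular expression (no lookahead, no case-insensitive flag); the function names are hypothetical and Python's `re` is used only to exercise the pattern.

```python
import re

def _node():
    return {"end": False, "kids": {}}

def _both(ch):
    # Both letter cases of a character, e.g. "f" -> "Ff"; digits stay single.
    return "".join(sorted({ch.lower(), ch.upper()}))

def build_trie(words):
    root = _node()
    for word in words:
        if not (word.isascii() and word.isalnum()):
            raise ValueError("only ASCII letters/digits supported: %r" % word)
        node = root
        for ch in word.lower():
            node = node["kids"].setdefault(ch, _node())
        node["end"] = True
    return root

def complement(node):
    # Regex for "the rest of the value is NOT a forbidden suffix from here".
    kids = node["kids"]
    if kids:
        excluded = "".join(_both(c) for c in sorted(kids))
        alts = ["[^%s].*" % excluded]          # leaves the forbidden paths
        alts += ["[%s]%s" % (_both(c), complement(kids[c])) for c in sorted(kids)]
    else:
        alts = [".+"]                          # forbidden word plus extra chars
    body = "(" + "|".join(alts) + ")"
    # Ending exactly here is fine unless this node completes a forbidden word.
    return body if node["end"] else body + "?"

def blacklist_regex(words):
    return "^" + complement(build_trie(words)) + "$"

def directive(attr, words):
    # Same directive form as the regex attempt in the post.
    return "constraint_attribute %s regex %s" % (attr, blacklist_regex(words))

if __name__ == "__main__":
    forbidden = ["foo", "bar"]                 # values from the post
    print(directive("uid", forbidden))
    rx = re.compile(blacklist_regex(forbidden))
    for uid in ["foo", "FoO", "bar", "fo", "foobar", "alice"]:  # constructed samples
        print("%-7s %s" % (uid, "allowed" if rx.search(uid) else "rejected"))
```

The pattern grows with the number and length of forbidden words, so it suits a short fixed list rather than a large, frequently changing one.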