[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Blacklists of simple values in LDAP attribute constraints overlay?
- To: openldap-technical@openldap.org
- Subject: Blacklists of simple values in LDAP attribute constraints overlay?
- From: Florian Best <best@univention.de>
- Date: Thu, 27 Jul 2017 18:09:30 +0200
- Content-language: de-DE
- Organization: Univention GmbH
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
Hello,
I am searching for a way to add an LDAP constraint on attributes which
prevents setting specific values.
For example, I want to prevent that the attribute "uid" is equal to
(case insensitive) "foo" or "bar".
Using the manpage from https://linux.die.net/man/5/slapo-constraint it
seems not possible, I tried a lot of things like:
constraint_attribute uid set "this/uid & ([foo])"
constraint_attribute uid set "this/uid & [foo]"
constraint_attribute uid uri
ldap:///dc=school,dc=local?forbidden?sub?(objectClass=forbiddenUsernames)
constraint_attribute uid regex ^[^f][^o][^o]*$
Even if they were working (they don't) I needed to reverse the whole
constraint because this would only allow me to add a whitelist while I
want to add a blacklist. (Best would be If I could just add a "!" before
the attribute contsraint.)
I hope there is something which could help me.
Best regards
Florian
--
Florian Best
Open Source Software Engineer
Univention GmbH
be open
Mary-Somerville-Str.1
28359 Bremen
Tel.: +49 421 22232-0
Fax : +49 421 22232-99
best@univention.de
http://www.univention.de
Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876