[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Regular expressions in access control lists (ACLs)

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: Regular expressions in access control lists (ACLs)
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Fri, 2 Apr 1999 08:10:07 +0200 (MET DST)
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <3.0.5.32.19990401215055.00a09a10@localhost>
References: <HBF.990402vror@bombur.uio.no> <3.0.5.32.19990401215055.00a09a10@localhost>

Kurt D. Zeilenga writes:
>At 05:36 AM 4/2/99 +0200, Hallvard B Furuseth wrote:
>>People,
>>
>>do you use regular expressions in ACLs in slapd.conf, as in
>>	(cn=John|Abel)*,o=somewhere
> 
> One of my personal favorite (...)

Damn.  That was more useful than I'd hoped for...


>> Regular expressions in ACLs are bug-prone because
>> - they can't handle DNs that contain both case-sensitive and
>>   case-insensitive attributes,
> 
> DN, itself, is case insensitive string.

What do you mean?  If I have the
	attribute  id  ces
in slapd.conf, should 'id=AA,o=UiO' match 'id=aa,o=UiO'?


>>   The ACL won't work properly when that's
>>   done wrong - unless the ACL already matches the DN's normalized form.
> 
> The fact that a some folks cannot write a regex to match a normalized
> DN is poor reason to remove the functionality used by others.

OK.

-- 
Hallvard

References:
- Regular expressions in access control lists (ACLs)
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: Regular expressions in access control lists (ACLs)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Regular expressions in access control lists (ACLs)
Next by Date: NT port
Index(es):
- Chronological
- Thread