Re: Double escaping \ in regex in slapo-constraint directives in slapd.conf

["Pierangelo Masarati" <masarati@aero.polimi.it>]

> Could someone make sure I'm not going mad before I call this a bug?
>
> In slapd.conf:
>
> constraint_attribute mail regex ^[^@]+@[a-z0-9\-]+(\.[a-z0-9\-]+)*$
>
>
> stick this into ldapmodify and it is allowed:
>
> replace: mail
> mail: mrwibble-bble@example#com
>
>
> This looks like the last \. is being parsed to . before the regex engine
> sees it.
>
>
> With this regex:
>
> constraint_attribute mail regex ^[^@]+@[a-z0-9\-]+(\\.[a-z0-9\-]+)*$
>
> the constraint acts on mrwibble-bble@example#com
> but allows
> mrwibble-bble@example.com
>
> which is correct.
>
> Is this a bug in the code, a bug in man -S5 slapo-constraint
> (which does not mention double escaping is necessary) or am I insane?
>
> Makes me wonder what is happening with the \-
>
> Hmm
>
> Both:
>
> constraint_attribute mail regex ^[^@]+@[a-z0-9\-]+(\\.[a-z0-9\-]+)*$
> and
> constraint_attribute mail regex ^[^@]+@[a-z0-9\-]+(\\.[a-z0-9\\-]+)*$
>
> accept mrwibble-bble@example.c-o-m
>
>
>
>
> I'll investigate further is someone would kindly rule out anything I may
> have overlooked.

Not a slapo-constraint(5) issue, but a slapd.conf(5) issue.  '\' is the
escape char for slapd.conf(5).  If you want a '\' to appear in a string,
you need to escape it.  So

constraint_attribute mail regex ^[^@]+@[a-z0-9\-]+(\\.[a-z0-9\-]+)*$

passes '^[^@]+@[a-z0-9-]+(\.[a-z0-9-]+)*$' to the regex parser.

p.


-- 
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano