Re: ACL with val.regex expression

[Mark Dieterich <mkd@cs.brown.edu>]

> access to attrs=description val.regex="^/bin/[^f][^s][^h]"
>         by users write
>         by * read

Thanks for the followup, I'll have to play around some more.

> (I didn't feel like populating the database with homeDirectory and so),
> and it worked: users were able to add/delete "/bin/bash", but not
> "/bin/fsh".

I think what I wanted was subtly different than this though.  I need for
users who have an existing value of "/bin/fsh" to be prevented from
deleting or modifying their entry.  The crux of my issue here appears to
be that I didn't understand that the val.<type>=<value> constraint is
only evaluated on the add portion of an operation, i.e. as a way of
controlling possible values you can input.  Instead, I thought it was
part of the query operation, i.e. this is an ACL applying to a certain
attribute under the condition where a certain regular expression applies
to the value of the attribute.

The sets notation gave me what I needed.

Thanks!

Mark