Hello,
After reading the slapo-constraint man page and searching online for a possible solution it is clear that the overlay doesn't conveniently allow setting a constraint with a negated regex.
The root cause is that negative lookahead isn't supported by extended POSIX regex. One could argue that the complement of a regular language is itself regular again and therefore it is certainly possible to write a regex that doesn't allow certain values, however any regex of this sort quickly becomes complex [1][2][3].
Taking grep as an example (i.e. --invert-match), I propose adding a constraint type that allows using a regex in a negated way. When a match is found a constraint error is raised. Looking at the constraint overlay code it seems pretty trivial and I am willing to submit myself a patch that allows setting something like:
constraint_attribute mail negregex ^.*@somedomain.com$
I already have an initial implementation and first tests seem to work as intended. Would such a patch be accepted? If so, could anyone guide me with getting the patch merged?
Thanks in advance, David
[1] https://stackoverflow.com/questions/55190518/extended-posix-regular-expressi... [2] https://stackoverflow.com/questions/15377469/posix-regular-expressions-exclu... [3] https://stackoverflow.com/questions/38928863/posix-regex-not-match-a-word