Hello,
After reading the slapo-constraint man page and searching online for a
possible solution it is clear that the overlay doesn't conveniently allow
setting a constraint with a negated regex.
The root cause is that negative lookahead isn't supported by extended POSIX
regex. One could argue that the complement of a regular language is itself
regular again and therefore it is certainly possible to write a regex that
doesn't allow certain values, however any regex of this sort quickly becomes
complex [1][2][3].
Taking grep as an example (i.e. --invert-match), I propose adding a constraint
type that allows using a regex in a negated way. When a match is found a
constraint error is raised. Looking at the constraint overlay code it seems
pretty trivial and I am willing to submit myself a patch that allows setting
something like:
constraint_attribute mail negregex ^.*(a)somedomain\.com$
I already have an initial implementation and first tests seem to work as
intended. Would such a patch be accepted? If so, could anyone guide me with
getting the patch merged?
Thanks in advance,
David
[1]
https://stackoverflow.com/questions/55190518/extended-posix-regular-expre...
[2]
https://stackoverflow.com/questions/15377469/posix-regular-expressions-ex...
[3]
https://stackoverflow.com/questions/38928863/posix-regex-not-match-a-word