--On Saturday, November 7, 2020 6:40 PM +0000 David Barchiesi
After reading the slapo-constraint man page and searching online for a
possible solution it is clear that the overlay doesn't conveniently allow
setting a constraint with a negated regex.
The root cause is that negative lookahead isn't supported by extended
POSIX regex. One could argue that the complement of a regular language
is itself regular again and therefore it is certainly possible to write
a regex that doesn't allow certain values, however any regex of this
sort quickly becomes complex .
Taking grep as an example (i.e. --invert-match), I propose adding a
constraint type that allows using a regex in a negated way. When a match
is found a constraint error is raised. Looking at the constraint overlay
code it seems pretty trivial and I am willing to submit myself a patch
that allows setting something like:
constraint_attribute mail negregex ^.*(a)somedomain\.com$
I already have an initial implementation and first tests seem to work as
intended. Would such a patch be accepted? If so, could anyone guide me
with getting the patch merged?
The project would be happy to accept such a contribution. The contribution
process is generally documented at
a) File an ITS for this new functionality if one does not already exist at
b) Create an account at https://git.openldap.org
and fork the OpenLDAP
c) Create a working branch off of master (i.e., git checkout -b its####)
d) Commit your work and git push
e) Submit an MR
f) Ensure you add a rights statement as documented in the contrib web page
to the ITS so we have a history of it.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: