Does the regex engine in OpenLDAP not support lazy quantifiers?  Why does the ACL processing in this log show only one capture group as if the lazy quantifier in the first capture group isn’t recognized?  Every tester I plug this regex into produces 2 capture groups which is what I need.  I need to carve off the leading OU as one capture group and capture the remaining chain of OUs as the second group then re-use both in my ACLs.  Any suggestions for creating a regex that would produce the desired capture groups for use in my ACLs? 

 

5d94aa15 => dnpat: [18] (ou=.+?,)?(ou=.+,)?ou=Delegated,ou=ApplicationData,dc=global,dc=aep,dc=com$ nsub: 2

5d94aa15 => acl_get: [18] matched

5d94aa15 => acl_get: [18] attr entry

5d94aa15 => match[dn0]: 0 95 ou=testapplication,ou=bolt,ou=concourse,ou=delegated,ou=applicationdata,dc=global,dc=aep,dc=com

5d94aa15 => match[dn1]: 0 40 ou=testapplication,ou=bolt,ou=concourse,