Could someone make sure I'm not going mad before I call this a bug?
In slapd.conf:
constraint_attribute mail regex ^[^@]+@[a-z0-9-]+(.[a-z0-9-]+)*$
stick this into ldapmodify and it is allowed:
replace: mail mail: mrwibble-bble@example#com
This looks like the last . is being parsed to . before the regex engine sees it.
With this regex:
constraint_attribute mail regex ^[^@]+@[a-z0-9-]+(\.[a-z0-9-]+)*$
the constraint acts on mrwibble-bble@example#com but allows mrwibble-bble@example.com
which is correct.
Is this a bug in the code, a bug in man -S5 slapo-constraint (which does not mention double escaping is necessary) or am I insane?
Makes me wonder what is happening with the -
Hmm
Both:
constraint_attribute mail regex ^[^@]+@[a-z0-9-]+(\.[a-z0-9-]+)*$ and constraint_attribute mail regex ^[^@]+@[a-z0-9-]+(\.[a-z0-9\-]+)*$
accept mrwibble-bble@example.c-o-m
I'll investigate further is someone would kindly rule out anything I may have overlooked.
Not a slapo-constraint(5) issue, but a slapd.conf(5) issue. '' is the escape char for slapd.conf(5). If you want a '' to appear in a string, you need to escape it. So
constraint_attribute mail regex ^[^@]+@[a-z0-9-]+(\.[a-z0-9-]+)*$
passes '^[^@]+@[a-z0-9-]+(.[a-z0-9-]+)*$' to the regex parser.
p.