Could someone make sure I'm not going mad before I call this a
bug?
In slapd.conf:
constraint_attribute mail regex ^[^@]+@[a-z0-9\-]+(\.[a-z0-9\-]+)*$
stick this into ldapmodify and it is allowed:
replace: mail
mail: mrwibble-bble@example#com
This looks like the last \. is being parsed to . before the regex engine
sees it.
With this regex:
constraint_attribute mail regex ^[^@]+@[a-z0-9\-]+(\\.[a-z0-9\-]+)*$
the constraint acts on mrwibble-bble@example#com
but allows
mrwibble-bble(a)example.com
which is correct.
Is this a bug in the code, a bug in man -S5 slapo-constraint
(which does not mention double escaping is necessary) or am I insane?
Makes me wonder what is happening with the \-
Hmm
Both:
constraint_attribute mail regex ^[^@]+@[a-z0-9\-]+(\\.[a-z0-9\-]+)*$
and
constraint_attribute mail regex ^[^@]+@[a-z0-9\-]+(\\.[a-z0-9\\-]+)*$
accept mrwibble-bble(a)example.c-o-m
I'll investigate further is someone would kindly rule out anything I may
have overlooked.
Not a slapo-constraint(5) issue, but a slapd.conf(5) issue. '\' is the
escape char for slapd.conf(5). If you want a '\' to appear in a string,
you need to escape it. So
constraint_attribute mail regex ^[^@]+@[a-z0-9\-]+(\\.[a-z0-9\-]+)*$
passes '^[^@]+@[a-z0-9-]+(\.[a-z0-9-]+)*$' to the regex parser.
p.
--
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano