On Dec 10, 2008, at 14.22, Pierangelo Masarati wrote:
benjamin thielsen wrote:
i'm experimenting with the constrain overlay, and have what i think is a fairly simply constraint that's giving me trouble. below are the details. i believe i've followed slapo-constraint(5) (and regex(7)) accurately, but i must be missing something.
cat montage_admin.ldif
dn: uid = admin ,ou=montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=com changetype: modify replace: uidNumber uidNumber: 5000
ldapmodify -vxWD 'cn=admin,dc=ltn,dc=lvc,dc=com' -f
montage_admin.ldif ldap_initialize( <DEFAULT> ) Enter LDAP Password: replace uidNumber: 5000 modifying entry "uid = admin ,ou =montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=com" ldap_modify: Constraint violation (19) additional info: modify breaks constraint on uidNumber
ldapsearch -vvxWLLLD 'cn=admin,dc=ltn,dc=lvc,dc=com' "(uid=admin)"
ldap_initialize( <DEFAULT> )slapo-constaint Enter LDAP Password: filter: (uid=admin) requesting: All userApplication attributes dn: uid = admin ,ou=montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=c om userPassword:: e1NTSEF9TkF5TGVabXFWTU9zT01EZVNWdHA1Mm9uUWtOalg3cXY= objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: top homeDirectory: /dev/null cn: admin uid: admin sn: admin givenName: admin gidNumber: 5001 uidNumber: 2016
ldapsearch -vvxWLLLb 'cn=config' -D 'cn=admin,cn=config'
"(objectClass=olcConstraintConfig)" ldap_initialize( <DEFAULT> ) Enter LDAP Password: filter: (objectClass=olcConstraintConfig) requesting: All userApplication attributes dn: olcOverlay={3}constraint,olcDatabase={2}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcConstraintConfig olcOverlay: {3}constraint olcConstraintAttribute: uidNumber regex ^[:digit:]*$
if by that regex you mean: "only allow digits", then it should be "^[[:digit:]]+$".
p.
aha, thanks - that works. i had actually wondered that, but since the example in slapo-constraint(5) used single brackets i didn't consider it further. shame on me for not trying anyway :)
-ben