--On Saturday, November 7, 2020 6:40 PM +0000 David Barchiesi
<da...@barchie.si> wrote:
Hello,
After reading the slapo-constraint man page and searching online for a
possible solution it is clear that the overlay doesn't conveniently allow
setting a constraint with a negated regex.
The root cause is that negative lookahead isn't supported by extended
POSIX regex. One could argue that the complement of a regular language
is itself regular again and therefore it is certainly possible to write
a regex that doesn't allow certain values, however any regex of this
sort quickly becomes complex [1][2][3].
Taking grep as an example (i.e. --invert-match), I propose adding a
constraint type that allows using a regex in a negated way. When a match
is found a constraint error is raised. Looking at the constraint overlay
code it seems pretty trivial and I am willing to submit myself a patch
that allows setting something like:
constraint_attribute mail negregex ^.*@somedomain\.com$
I already have an initial implementation and first tests seem to work as
intended. Would such a patch be accepted? If so, could anyone guide me
with getting the patch merged?
Hi David,
The project would be happy to accept such a contribution. The contribution
process is generally documented at
<https://www.openldap.org/devel/contributing.html> but:
a) File an ITS for this new functionality if one does not already exist at
<https://bugs.openldap.org>
b) Create an account at https://git.openldap.org and fork the OpenLDAP
repository
c) Create a working branch off of master (i.e., git checkout -b its####)
d) Commit your work and git push
e) Submit an MR
f) Ensure you add a rights statement as documented in the contrib web page
to the ITS so we have a history of it.
Thanks!
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
