Re: ACL regex and attribute value

Emmanuel Dreyfus wrote:
> Helo
> 
> Is the kind of ACL below supported?
> access to dn.regex="^uid=.+,(ou=.+),o=org$" attrs=foo val.regex="^(.*)$"
>   by ...
> 
> I expect $1 to hold ou=whatever and $2 to hold attribute foo value that
> gets modified. I have trouble to get it working, and I wonder if
> 1) are $<digit> supported in val.regex ?

No, AFAIK.

> 2) is it allowed touse $<digit> with multiples regex? Ot will the values
> gathered by the last match overwrite the first one?

You should define its meaning.  If val.regex were to support submatches, 
I don't see anything preventing slapd from considering the various bits 
of the <what> part as a single, ordered source of submatches to be used 
in the <by> clause.  You should be aware, however, that the ordering of 
<what> (and <by>) patterns is hardcoded, and they get re-sorted 
internally.  For example, you could write

access to dn.regex="^uid=.+,(ou=.+),o=org$" attrs=foo val.regex="^(.*)$"

or

access to attrs=foo val.regex="^(.*)$" dn.regex="^uid=.+,(ou=.+),o=org$"

and they would be represented exactly the same in the ACL data