use "expand" instead of "regex" for group ACLs that allow substring expansion, preser...
authorPierangelo Masarati <ando@openldap.org>
Tue, 9 Mar 2004 16:33:05 +0000 (16:33 +0000)
committerPierangelo Masarati <ando@openldap.org>
Tue, 9 Mar 2004 16:33:05 +0000 (16:33 +0000)
doc/man/man5/slapd.access.5
servers/slapd/acl.c
servers/slapd/aclparse.c
servers/slapd/slap.h

index 168780aa03cc584eb6a958d53382c374a9388393..ab76f6de59ef527641f46681b93cc9f166e987d1 100644 (file)
@@ -184,7 +184,7 @@ It can have the forms
        dn[.<dnstyle>[,<modifier>]]=<DN>
        dnattr=<attrname>
        group[/<objectclass>[/<attrname>]]
-               [.<style>]=<group>
+               [.<groupstyle>]=<group>
        peername[.<peernamestyle>]=<peername>
        sockname[.<style>]=<sockname>
        domain[.<domainstyle>[,<modifier>]]=<domain>
@@ -203,6 +203,7 @@ with
 .LP
 .nf
        <dnstyle>={{exact|base}|regex|sub(tree)|one(level)|children}
+       <groupstyle>={exact|expand}
        <style>={exact|regex}
        <peernamestyle>={exact|regex|ip|path}
        <domainstyle>={exact|regex|sub(tree)}
@@ -286,16 +287,12 @@ define the objectClass and the member attributeType of the group entry.
 The optional style qualifier
 .B <style>
 can be
-.BR regex ,
+.BR expand ,
 which means that
 .B <group>
 will be expanded as a replacement string (but not as a regular expression)
 according to regex (7), and
-.B base
-or
-.B exact
-(an alias of
-.BR base ),
+.BR exact ,
 which means that exact match will be used.
 .LP
 For static groups, the specified attributeType must have
@@ -307,7 +304,7 @@ be a subtype of the
 .B labeledURI
 attributeType. Only LDAP URIs of the form
 .B ldap:///<base>??<scope>?<filter>
-will be evaluated in a dynamic group.
+will be evaluated in a dynamic group, by searching the local server only.
 .LP
 The statements
 .BR peername=<peername> ,
index e73d5d2cfd76e27c19a560e34cdd251188d73da4..452cb732f03563bcbdf4c9ffedde6c57db7425e1 100644 (file)
@@ -1193,7 +1193,7 @@ dn_match_cleanup:;
                         * the values in the attribute group
                         */
                        /* see if asker is listed in dnattr */
-                       if ( b->a_group_style == ACL_STYLE_REGEX ) {
+                       if ( b->a_group_style == ACL_STYLE_EXPAND ) {
                                char buf[ACL_BUF_SIZE];
                                bv.bv_len = sizeof(buf) - 1;
                                bv.bv_val = buf; 
index 93f173611be75045e6059ca4b4c8af610b26dfcc..fa704fa3257b2465072e6fca2cfa75f75c485ce9 100644 (file)
@@ -40,6 +40,7 @@
 
 static char *style_strings[] = {
        "regex",
+       "expand",
        "base",
        "one",
        "subtree",
@@ -427,6 +428,9 @@ parse_acl(
                                } else if ( strcasecmp( style, "regex" ) == 0 ) {
                                        sty = ACL_STYLE_REGEX;
 
+                               } else if ( strcasecmp( style, "expand" ) == 0 ) {
+                                       sty = ACL_STYLE_EXPAND;
+
                                } else if ( strcasecmp( style, "ip" ) == 0 ) {
                                        sty = ACL_STYLE_IP;
 
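Review bot: The shared style parser in this hunk now accepts "expand" for every by-clause keyword, while the man page change in this commit documents it only for `<groupstyle>`. Only the group branch is shown validating `sty` later in the commit, so whether `dn`, `peername`, `domain` and the other clauses reject ACL_STYLE_EXPAND depends on code outside these hunks and should be confirmed. If any of them compares only against ACL_STYLE_REGEX, a rule written with `.expand` could be taken as an exact-match rule without a diagnostic, which for an access-control parser is worth ruling out. A short comment on the new branch, for example `/* only valid for group clauses; other clauses must reject it */`, would record the intent. parse_acl() starts and ends outside the hunk.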
@@ -448,9 +452,39 @@ parse_acl(
                                if ( style_modifier &&
                                        strcasecmp( style_modifier, "expand" ) == 0 )
                                {
-                                       expand = 1;
+                                       switch ( sty ) {
+                                       case ACL_STYLE_REGEX:
+                                               fprintf( stderr, "%s: line %d: "
+                                                       "\"regex\" style implies "
+                                                       "\"expand\" modifier (ignored)\n",
+                                                       fname, lineno );
+                                               break;
+
+                                       case ACL_STYLE_EXPAND:
+                                               fprintf( stderr, "%s: line %d: "
+                                                       "\"expand\" style used "
+                                                       "in conjunction with "
+                                                       "\"expand\" modifier (ignored)\n",
+                                                       fname, lineno );
+                                               break;
+
+                                       default:
+                                               expand = 1;
+                                               break;
+                                       }
+                               }
+
+                               if ( ( sty == ACL_STYLE_EXPAND || expand )
+                                               && ( a->acl_dn_pat.bv_len && a->acl_dn_style != ACL_STYLE_REGEX) ) 
+                               {
+                                       fprintf( stderr, "%s: line %d: "
+                                               "\"expand\" style or modifier used "
+                                               "in conjunction with "
+                                               "a non-regex <what> clause\n",
+                                               fname, lineno );
                                }
 
+
                                if ( strcasecmp( argv[i], "*" ) == 0 ) {
                                        bv.bv_val = ch_strdup( "*" );
                                        bv.bv_len = 1;
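Review bot: The check added at the end of this hunk reports an "expand" style or modifier combined with a non-regex `<what>` clause, but parsing then continues and the ACL is loaded anyway. In that case there are no submatches for the by clause to substitute, and how the evaluator treats the unresolved references is not visible here, so the rule may not mean what its author intended. Either make the condition fatal by adding `acl_usage();` after the fprintf, as the "inappropriate style" case elsewhere in this commit does, or end the message with "(ignored)" and clear `expand`, matching the two warnings above it. The test is also skipped whenever `a->acl_dn_pat.bv_len` is zero, so a `<what>` clause without a DN pattern appears to get no diagnostic at all. parse_acl() starts and ends outside the hunk.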
@@ -608,10 +642,26 @@ parse_acl(
                                        char *name = NULL;
                                        char *value = NULL;
 
-                                       if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
+                                       switch ( sty ) {
+                                       case ACL_STYLE_REGEX:
+                                               /* legacy */
+                                               fprintf( stderr, "%s: line %d: "
+                                                       "deprecated group style \"regex\"; "
+                                                       "use \"expand\" instead\n",
+                                                       fname, lineno, style );
+                                               sty = ACL_STYLE_EXPAND;
+                                               break;
+
+                                       case ACL_STYLE_EXPAND:
+                                       case ACL_STYLE_BASE:
+                                               /* legal */
+                                               break;
+
+                                       default:
+                                               /* unhandled */
                                                fprintf( stderr, "%s: line %d: "
                                                        "inappropriate style \"%s\" in by clause\n",
-                                                   fname, lineno, style );
+                                                       fname, lineno, style );
                                                acl_usage();
                                        }
 
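Review bot: The deprecation warning in the `ACL_STYLE_REGEX` case passes `style` to fprintf() although the format string has conversions only for `fname` and `lineno`. The extra argument is never printed and is reported by -Wformat-extra-args. Drop it so the call ends `fname, lineno );`. The `default:` case has no `break` and relies on acl_usage() not returning; a `/* NOTREACHED */` comment after the call would make that explicit. parse_acl() starts and ends outside the hunk.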
@@ -640,7 +690,7 @@ parse_acl(
                                        }
 
                                        b->a_group_style = sty;
-                                       if (sty == ACL_STYLE_REGEX) {
+                                       if (sty == ACL_STYLE_EXPAND) {
                                                acl_regex_normalized_dn( right, &bv );
                                                if ( !ber_bvccmp( &bv, '*' ) ) {
                                                        regtest(fname, lineno, bv.bv_val);
index ab7497b968649abe1282f613ff9f2a09500a80d0..202cc068ee343b1484a8756af1c4b4b20626f0da 100644 (file)
@@ -1078,6 +1078,7 @@ typedef enum slap_control_e {
 
 typedef enum slap_style_e {
        ACL_STYLE_REGEX = 0,
+       ACL_STYLE_EXPAND,
        ACL_STYLE_BASE,
        ACL_STYLE_ONE,
        ACL_STYLE_SUBTREE,
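Review bot: Inserting `ACL_STYLE_EXPAND` directly after `ACL_STYLE_REGEX = 0` renumbers `ACL_STYLE_BASE` and every later constant. The aclparse.c hunk of this commit adds "expand" at the same position in `style_strings[]`, which suggests that table is indexed by this enum. Nothing in either file states that coupling, so a later insertion in only one place would make the parser report the wrong style name without any compiler diagnostic. A comment on the enum such as `/* order must match style_strings[] in aclparse.c */` would document it. Modules built against the previous slap.h would also need a rebuild to pick up the new values.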