.B constraint_attribute <attribute_name>[,...] <type> <value> [<extra> [...]]
Specifies the constraint which should apply to the comma-separated
attribute list named as the first parameter.
-Five types of constraint are currently supported -
+Six types of constraint are currently supported -
.BR regex ,
+.BR negregex ,
.BR size ,
.BR count ,
.BR uri ,
The parameter following the
.B regex
+or
+.B negregex
type is a Unix style regular expression (See
.BR regex (7)
). The parameter following the
constraint_attribute jpegPhoto size 131072
constraint_attribute userPassword count 3
constraint_attribute mail regex ^[[:alnum:]]+@mydomain.com$
+constraint_attribute mail negregex ^[[:alnum:]]+@notallowed.com$
constraint_attribute title uri
ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
constraint_attribute cn,sn,givenName set
A specification like the above would reject any
.B mail
attribute which did not look like
-.BR "<alpha-numeric string>@mydomain.com" .
+.BR "<alpha-numeric string>@mydomain.com"
+or that looks like
+.BR "<alpha-numeric string>@notallowed.com" .
It would also reject any
.B title
attribute whose values were not listed in the
*/
#define REGEX_STR "regex"
+#define NEG_REGEX_STR "negregex"
#define URI_STR "uri"
#define SET_STR "set"
#define SIZE_STR "size"
CONSTRAINT_COUNT,
CONSTRAINT_SIZE,
CONSTRAINT_REGEX,
+ CONSTRAINT_NEG_REGEX,
CONSTRAINT_SET,
CONSTRAINT_URI,
};
static ConfigDriver constraint_cf_gen;
static ConfigTable constraintcfg[] = {
- { "constraint_attribute", "attribute[list]> (regex|uri|set|size|count) <value> [<restrict URI>]",
+ { "constraint_attribute", "attribute[list]> (regex|negregex|uri|set|size|count) <value> [<restrict URI>]",
4, 0, 0, ARG_MAGIC | CONSTRAINT_ATTRIBUTE, constraint_cf_gen,
"( OLcfgOvAt:13.1 NAME 'olcConstraintAttribute' "
"DESC 'constraint for list of attributes' "
tstr = REGEX_STR;
quotes = 1;
break;
+ case CONSTRAINT_NEG_REGEX:
+ tstr = NEG_REGEX_STR;
+ quotes = 1;
+ break;
case CONSTRAINT_SET:
tstr = SET_STR;
quotes = 1;
}
}
- if ( strcasecmp( c->argv[2], REGEX_STR ) == 0) {
+ int is_regex = strcasecmp( c->argv[2], REGEX_STR ) == 0;
+ int is_neg_regex = strcasecmp( c->argv[2], NEG_REGEX_STR ) == 0;
+ if ( is_regex || is_neg_regex ) {
int err;
- ap.type = CONSTRAINT_REGEX;
+ ap.type = is_regex ? CONSTRAINT_REGEX : CONSTRAINT_NEG_REGEX;
ap.re = ch_malloc( sizeof(regex_t) );
if ((err = regcomp( ap.re,
c->argv[3], REG_EXTENDED )) != 0) {
if (regexec(c->re, bv->bv_val, 0, NULL, 0) == REG_NOMATCH)
return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */
break;
+ case CONSTRAINT_NEG_REGEX:
+ if (regexec(c->re, bv->bv_val, 0, NULL, 0) != REG_NOMATCH)
+ return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */
+ break;
case CONSTRAINT_URI: {
Operation nop = *op;
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
projects / thirdparty / openldap.git / commitdiff
