Hello, I am searching for a way to add an LDAP constraint on attributes which prevents setting specific values. For example, I want to prevent that the attribute "uid" is equal to (case insensitive) "foo" or "bar".
Using the manpage from https://linux.die.net/man/5/slapo-constraint it seems not possible, I tried a lot of things like: constraint_attribute uid set "this/uid & ([foo])" constraint_attribute uid set "this/uid & [foo]" constraint_attribute uid uri ldap:///dc=school,dc=local?forbidden?sub?(objectClass=forbiddenUsernames) constraint_attribute uid regex ^[^f][^o][^o]*$ Even if they were working (they don't) I needed to reverse the whole constraint because this would only allow me to add a whitelist while I want to add a blacklist. (Best would be If I could just add a "!" before the attribute contsraint.) I hope there is something which could help me. Best regards Florian -- Florian Best Open Source Software Engineer Univention GmbH be open Mary-Somerville-Str.1 28359 Bremen Tel.: +49 421 22232-0 Fax : +49 421 22232-99 [email protected] http://www.univention.de Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876
