Re: [pve-devel] [PATCH access-control] ldap: fix ldap distinguished names regex

2023-05-28 Thread Thomas Lamprecht
Am 17/05/2023 um 15:42 schrieb Stefan Sterz: > sorry just noticed i forgot: adding tests for this was > > Suggested-by: Dominik Csapak I mean, it's really great that we finally get some tests here and if only Dominik statement made you do it, then chapeau to him! But, Suggested-by's should be

Re: [pve-devel] [PATCH access-control] ldap: fix ldap distinguished names regex

2023-05-25 Thread Christoph Heiss
On Tue, May 23, 2023 at 02:17:18PM +0200, Stefan Sterz wrote: > On 23.05.23 12:12, Christoph Heiss wrote: > > On Tue, May 23, 2023 at 10:56:24AM +0200, Stefan Sterz wrote: > > [..] > > yeah that would probably be best, as it's also closer to what the user > wants (a working ldap setup) than either

Re: [pve-devel] [PATCH access-control] ldap: fix ldap distinguished names regex

2023-05-23 Thread Stefan Sterz
On 23.05.23 12:12, Christoph Heiss wrote: > On Tue, May 23, 2023 at 10:56:24AM +0200, Stefan Sterz wrote: >> On 23.05.23 08:58, Christoph Heiss wrote: >>> On Wed, May 17, 2023 at 03:39:31PM +0200, Stefan Sterz wrote: [..] >>> While reviewing that, I had a look at the `Net::LDAP` perl library

Re: [pve-devel] [PATCH access-control] ldap: fix ldap distinguished names regex

2023-05-23 Thread Christoph Heiss
On Tue, May 23, 2023 at 10:56:24AM +0200, Stefan Sterz wrote: > On 23.05.23 08:58, Christoph Heiss wrote: > > On Wed, May 17, 2023 at 03:39:31PM +0200, Stefan Sterz wrote: > >> [..] > > While reviewing that, I had a look at the `Net::LDAP` perl library > > again, if it provides a way to _somehow_

Re: [pve-devel] [PATCH access-control] ldap: fix ldap distinguished names regex

2023-05-23 Thread Stefan Sterz
On 23.05.23 08:58, Christoph Heiss wrote: > On Wed, May 17, 2023 at 03:39:31PM +0200, Stefan Sterz wrote: >> [..] >> >> this commit also adds a test file that tests the regex against a >> number of common pitfalls. including distinguished names that are >> structurally similar to those reported as

Re: [pve-devel] [PATCH access-control] ldap: fix ldap distinguished names regex

2023-05-23 Thread Christoph Heiss
On Wed, May 17, 2023 at 03:39:31PM +0200, Stefan Sterz wrote: > [..] > > this commit also adds a test file that tests the regex against a > number of common pitfalls. including distinguished names that are > structurally similar to those reported as erroneously forbidden > earlier. these tests

Re: [pve-devel] [PATCH access-control] ldap: fix ldap distinguished names regex

2023-05-17 Thread Stefan Sterz
sorry just noticed i forgot: adding tests for this was Suggested-by: Dominik Csapak On 17.05.23 15:39, Stefan Sterz wrote: > according to the current specification of the string representation of > ldap distinguished names (DN) presented by RFC 4514 [1] the current > regex checking ldap DNs

[pve-devel] [PATCH access-control] ldap: fix ldap distinguished names regex

2023-05-17 Thread Stefan Sterz
according to the current specification of the string representation of ldap distinguished names (DN) presented by RFC 4514 [1] the current regex checking ldap DNs still prevents users from entering valid DNs. for example we do not allow multi-valued RelativeDistinguishedNames as these are