[email protected] wrote: > Full_Name: Jorge Perez Burgos > Version: 2.4.21 > OS: linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (195.235.15.243) > > > I'd suggest to introduce a "subtree-include" directive, mutually exclusive > with > "subtree-exclude", with different syntaxes, like: > > "[dn[.<style>]:]<pattern>" > > where <style> can be "subtree" or "regex" (other styles like "exact", > "onelevel", "subordinate" could make sense but would be of limited > usefulness); > so, for example > > "dn.subtree:<dn>" ("dn.subtree" implicit for backward compatibility) > "dn.regex:<pattern>" > > The "dn.<style>:" prefix is consistent with other features like ACLs, limits > and > so. There's ITS#5877 open about making this uniform across slapd for all > features. > > Multiple patterns could be defined; the first that matches would stop > execution. > If configured as "subtree-exclude", a match would qualify the target as > "non-candidate" (current behavior for "subtree-exclude"). If configured as > "subtree-include", a match would qualify the target as "candidate".
Jorge and I discussed this off-line; suggestions are welcome, otherwise I'd implement it this way right now with ad-hoc code, and eventually turn it into a generally useful feature that could be reused in ACLs, limits, authz, and in other to-be-defined features. p.
