--- src/config/cfg_rules.ini.orig	2024-04-24 13:37:15 UTC
+++ src/config/cfg_rules.ini
@@ -11,15 +11,15 @@ section_re = ^prompting/password$
 section = kcm
 section = session_recording
 section_re = ^prompting/password$
-section_re = ^prompting/password/[^/\@]\+$
+section_re = ^prompting/password/[^/\@]\{1,\}$
 section_re = ^prompting/2fa$
-section_re = ^prompting/2fa/[^/\@]\+$
+section_re = ^prompting/2fa/[^/\@]\{1,\}$
 section_re = ^prompting/passkey$
-section_re = ^prompting/passkey/[^/\@]\+$
-section_re = ^domain/[^/\@]\+$
-section_re = ^domain/[^/\@]\+/[^/\@]\+$
-section_re = ^application/[^/\@]\+$
-section_re = ^certmap/[^/\@]\+/[^/\@]\+$
+section_re = ^prompting/passkey/[^/\@]\{1,\}$
+section_re = ^domain/[^/\@]\{1,\}$
+section_re = ^domain/[^/\@]\{1,\}/[^/\@]\{1,\}$
+section_re = ^application/[^/\@]\{1,\}$
+section_re = ^certmap/[^/\@]\{1,\}/[^/\@]\{1,\}$
 
 
 [rule/allowed_sssd_options]
@@ -329,13 +329,13 @@ validator = ini_allowed_options
 
 [rule/allowed_prompting_password_subsec_options]
 validator = ini_allowed_options
-section_re = ^prompting/password/[^/\@]\+$
+section_re = ^prompting/password/[^/\@]\{1,\}$
 
 option = password_prompt
 
 [rule/allowed_prompting_2fa_subsec_options]
 validator = ini_allowed_options
-section_re = ^prompting/2fa/[^/\@]\+$
+section_re = ^prompting/2fa/[^/\@]\{1,\}$
 
 option = single_prompt
 option = first_prompt
@@ -343,7 +343,7 @@ validator = ini_allowed_options
 
 [rule/allowed_prompting_passkey_subsec_options]
 validator = ini_allowed_options
-section_re = ^prompting/passkey/[^/\@]\+$
+section_re = ^prompting/passkey/[^/\@]\{1,\}$
 
 option = interactive
 option = interactive_prompt
@@ -352,7 +352,7 @@ validator = ini_allowed_options
 
 [rule/allowed_domain_options]
 validator = ini_allowed_options
-section_re = ^\(domain\|application\)/[^/]\+$
+section_re = ^(domain|application)/[^/]\{1,\}$
 
 option = debug
 option = debug_level
@@ -810,7 +810,7 @@ validator = ini_allowed_options
 
 [rule/allowed_subdomain_options]
 validator = ini_allowed_options
-section_re = ^domain/[^/\@]\+/[^/\@]\+$
+section_re = ^domain/[^/\@]+/[^/\@]\{1,\}$
 
 option = ldap_search_base
 option = ldap_user_search_base
@@ -832,7 +832,7 @@ validator = ini_allowed_options
 
 [rule/allowed_certmap_options]
 validator = ini_allowed_options
-section_re = ^certmap/[^/\@]\+/[^/\@]\+$
+section_re = ^certmap/[^/\@]+/[^/\@]\{1,\}$
 
 option = matchrule
 option = maprule