How to best handle DN+String and DN+Binary in OL?

Andrew Bartlett abartlet at
Sun Jul 11 07:49:53 MDT 2010

I'm back on my occasional task of trying to get the OpenLDAP backend to
Samba4 going again, and was hoping to simply test out the fine work done
on the vernum module.  (which I should have tested at the time it was

Anyway, Samba has moved on, and things have broken.  Part of the changes
relate to these additional DN types (found in AD), of:

#define DSDB_SYNTAX_BINARY_DN   "1.2.840.113556.1.4.903"

#define DSDB_SYNTAX_STRING_DN   "1.2.840.113556.1.4.904"

#define DSDB_SYNTAX_OR_NAME     "1.2.840.113556.1.4.1221"

These are quite odd in their behaivour, but in short they are both a
string or binary blob and a DN, all in one.  Only the DN portion is
relevant for attribute matching rules.

Currently, I map these to strings, but they are not strings - and need
proper DN match rules, as I need to be able to use the 'deref' module on
them (and to correctly handle the case sensitive/insensitive nature of

What is the best way to get OpenLDAP to understand it needs to match on
and follow references to the DN part of these values?

(Additionally, even when just use deref with normal DNs, I'm not getting
a the control response, but I need to get more info before I can pin the
details down)


Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list