How to best handle DN+String and DN+Binary in OL?
Howard Chu
hyc at symas.com
Sun Jul 11 15:16:20 MDT 2010
Andrew Bartlett wrote:
> I'm back on my occasional task of trying to get the OpenLDAP backend to
> Samba4 going again, and was hoping to simply test out the fine work done
> on the vernum module. (which I should have tested at the time it was
> developed).
>
> Anyway, Samba has moved on, and things have broken. Part of the changes
> relate to these additional DN types (found in AD), of:
>
> #define DSDB_SYNTAX_BINARY_DN "1.2.840.113556.1.4.903"
> http://msdn.microsoft.com/en-us/library/ms684429%28VS.85%29.aspx
>
> #define DSDB_SYNTAX_STRING_DN "1.2.840.113556.1.4.904"
> http://msdn.microsoft.com/en-us/library/ms684430%28VS.85%29.aspx
>
> #define DSDB_SYNTAX_OR_NAME "1.2.840.113556.1.4.1221"
> http://archives.free.net.ph/message/20091211.162430.74b43d9e.en.html
>
> These are quite odd in their behaivour, but in short they are both a
> string or binary blob and a DN, all in one. Only the DN portion is
> relevant for attribute matching rules.
>
> Currently, I map these to strings, but they are not strings - and need
> proper DN match rules, as I need to be able to use the 'deref' module on
> them (and to correctly handle the case sensitive/insensitive nature of
> DNs).
>
> What is the best way to get OpenLDAP to understand it needs to match on
> and follow references to the DN part of these values?
Good question. So far the only way to get DN semantics is by using
distinguishedName syntax. In a few places we've also special-cased recognition
of NameAndOptionalUID syntax, but that's not universal. I suppose, if you can
shoehorn your extra blobs into the UID portion, you can use that syntax and we
can figure out where else it needs to be accepted.
>
> (Additionally, even when just use deref with normal DNs, I'm not getting
> a the control response, but I need to get more info before I can pin the
> details down)
>
> Thanks,
>
> Andrew Bartlett
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the samba-technical
mailing list