How to best handle DN+String and DN+Binary in OL?
hyc at symas.com
Sun Jul 11 15:16:20 MDT 2010
Andrew Bartlett wrote:
> I'm back on my occasional task of trying to get the OpenLDAP backend to
> Samba4 going again, and was hoping to simply test out the fine work done
> on the vernum module. (which I should have tested at the time it was
> Anyway, Samba has moved on, and things have broken. Part of the changes
> relate to these additional DN types (found in AD), of:
> #define DSDB_SYNTAX_BINARY_DN "1.2.840.113518.104.22.1683"
> #define DSDB_SYNTAX_STRING_DN "1.2.840.113522.214.171.1244"
> #define DSDB_SYNTAX_OR_NAME "1.2.840.1135126.96.36.1991"
> These are quite odd in their behaivour, but in short they are both a
> string or binary blob and a DN, all in one. Only the DN portion is
> relevant for attribute matching rules.
> Currently, I map these to strings, but they are not strings - and need
> proper DN match rules, as I need to be able to use the 'deref' module on
> them (and to correctly handle the case sensitive/insensitive nature of
> What is the best way to get OpenLDAP to understand it needs to match on
> and follow references to the DN part of these values?
Good question. So far the only way to get DN semantics is by using
distinguishedName syntax. In a few places we've also special-cased recognition
of NameAndOptionalUID syntax, but that's not universal. I suppose, if you can
shoehorn your extra blobs into the UID portion, you can use that syntax and we
can figure out where else it needs to be accepted.
> (Additionally, even when just use deref with normal DNs, I'm not getting
> a the control response, but I need to get more info before I can pin the
> details down)
> Andrew Bartlett
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the samba-technical