How to best handle DN+String and DN+Binary in OL?

Howard Chu hyc at
Sun Jul 11 19:21:27 MDT 2010

Howard Chu wrote:
> Andrew Bartlett wrote:
>> On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote:
>>> Andrew Bartlett wrote:
>>>> What is the best way to get OpenLDAP to understand it needs to match on
>>>> and follow references to the DN part of these values?
>>> Good question. So far the only way to get DN semantics is by using
>>> distinguishedName syntax. In a few places we've also special-cased recognition
>>> of NameAndOptionalUID syntax, but that's not universal. I suppose, if you can
>>> shoehorn your extra blobs into the UID portion, you can use that syntax and we
>>> can figure out where else it needs to be accepted.
>> Looking over the definition of NameAndOptionalUID, shoehorn would
>> certainly be the correct expression...  But yes, it looks to me like I
>> just need to convert every binary or string element into a bitstring of
>> it's bits.
> Yeah, bitstrings are a PITA. The better way might be to just define a new
> syntax and matching rules that stores exactly what you want. We can define a
> new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those
> places that were hardcoded to look for DN syntax to use this flag instead.

I've added a SLAP_SYNTAX_DN syntax flag for this purpose. Also updated the
deref overlay to use this flag instead of only checking for distinguishedName 

> If as you say, the blob portion is irrelevant for matching, then you would
> just store the normalized DN portion as the attribute's normalized values, and
> most things that work with DNs will Just Work.

   -- Howard Chu
   CTO, Symas Corp. 
   Director, Highland Sun
   Chief Architect, OpenLDAP

More information about the samba-technical mailing list