How to best handle DN+String and DN+Binary in OL?

Howard Chu hyc at
Sun Jul 11 19:25:10 MDT 2010

Howard Chu wrote:
> Andrew Bartlett wrote:
>> On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote:
>>> Andrew Bartlett wrote:
>>>> What is the best way to get OpenLDAP to understand it needs to match on
>>>> and follow references to the DN part of these values?
>>> Good question. So far the only way to get DN semantics is by using
>>> distinguishedName syntax. In a few places we've also special-cased recognition
>>> of NameAndOptionalUID syntax, but that's not universal. I suppose, if you can
>>> shoehorn your extra blobs into the UID portion, you can use that syntax and we
>>> can figure out where else it needs to be accepted.
>> Looking over the definition of NameAndOptionalUID, shoehorn would
>> certainly be the correct expression...  But yes, it looks to me like I
>> just need to convert every binary or string element into a bitstring of
>> it's bits.
> Yeah, bitstrings are a PITA. The better way might be to just define a new
> syntax and matching rules that stores exactly what you want. We can define a
> new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those
> places that were hardcoded to look for DN syntax to use this flag instead.

The other places that are interesting in this regard are in the ACL engine and 
anything that uses librewrite. Rewrites are trickier because the rewrite code 
needs to be able to isolate just the DN portion for rewriting, and preserve 
any other blob attached to an attribute.

   -- Howard Chu
   CTO, Symas Corp. 
   Director, Highland Sun
   Chief Architect, OpenLDAP

More information about the samba-technical mailing list