How to best handle DN+String and DN+Binary in OL?

Howard Chu hyc at symas.com
Sun Jul 11 19:25:10 MDT 2010


Howard Chu wrote:
> Andrew Bartlett wrote:
>> On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote:
>>> Andrew Bartlett wrote:
>>>> What is the best way to get OpenLDAP to understand it needs to match on
>>>> and follow references to the DN part of these values?
>>>
>>> Good question. So far the only way to get DN semantics is by using
>>> distinguishedName syntax. In a few places we've also special-cased recognition
>>> of NameAndOptionalUID syntax, but that's not universal. I suppose, if you can
>>> shoehorn your extra blobs into the UID portion, you can use that syntax and we
>>> can figure out where else it needs to be accepted.
>>
>> Looking over the definition of NameAndOptionalUID, shoehorn would
>> certainly be the correct expression...  But yes, it looks to me like I
>> just need to convert every binary or string element into a bitstring of
>> its bits.
>
> Yeah, bitstrings are a PITA. The better way might be to just define a new
> syntax and matching rules that stores exactly what you want. We can define a
> new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those
> places that were hardcoded to look for DN syntax to use this flag instead.

The other places that are interesting in this regard are in the ACL engine and 
anything that uses librewrite. Rewrites are trickier because the rewrite code 
needs to be able to isolate just the DN portion for rewriting, and preserve 
any other blob attached to an attribute.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
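
The rewrite requirement described in the message above (isolate only the DN portion, preserve the attached blob), as an added example that is not part of the original post and is not OpenLDAP or Samba code. It assumes the Active Directory string forms `B:<count>:<hex>:<DN>` and `S:<count>:<text>:<DN>`, which the thread does not spell out; `dn_portion` and `rewrite_dn_suffix` are hypothetical names, and the DN comparison is simplified (no DN normalization).

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Find the DN in "B:<count>:<hex>:<DN>" / "S:<count>:<text>:<DN>". The blob is
 * skipped by its declared length, not by scanning for ':'. NULL if malformed. */
const char *dn_portion(const char *val)
{
    char *blob;
    unsigned long n, i;
    if ((val[0] != 'B' && val[0] != 'S') || val[1] != ':' ||
        !isdigit((unsigned char)val[2]))
        return NULL;
    n = strtoul(val + 2, &blob, 10);
    if (*blob++ != ':' || strlen(blob) <= n || blob[n] != ':')
        return NULL;
    for (i = 0; val[0] == 'B' && i < n; i++)   /* B blobs: even-length hex */
        if ((n % 2) || !isxdigit((unsigned char)blob[i]))
            return NULL;
    return blob + n + 1;
}

/* Swap old_suffix for new_suffix at the end of the DN only; the
 * "X:<count>:<blob>:" prefix is copied through byte for byte. The suffix
 * must start at an RDN boundary. Returns 0 on success, -1 otherwise. */
int rewrite_dn_suffix(const char *val, const char *old_suffix,
                      const char *new_suffix, char *out, size_t outsz)
{
    const char *dn = dn_portion(val);
    size_t dnlen, oldlen = strlen(old_suffix), keep;
    if (dn == NULL || (dnlen = strlen(dn)) < oldlen ||
        strcasecmp(dn + dnlen - oldlen, old_suffix) != 0 ||
        (dnlen > oldlen && dn[dnlen - oldlen - 1] != ','))
        return -1;
    keep = (size_t)(dn - val) + dnlen - oldlen;  /* prefix + unchanged RDNs */
    int w = snprintf(out, outsz, "%.*s%s", (int)keep, val, new_suffix);
    return (w < 0 || (size_t)w >= outsz) ? -1 : 0;
}

int main(void)
{
    char out[256]; /* constructed sample: the S blob "a:b" contains a colon */
    if (rewrite_dn_suffix("S:3:a:b:cn=x,dc=old,dc=example",
            "dc=old,dc=example", "dc=new,dc=example", out, sizeof out) == 0)
        puts(out);
    return 0;
}
```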

