How to best handle DN+String and DN+Binary in OL?

Andrew Bartlett abartlet at
Sun Jul 11 20:12:11 MDT 2010

On Sun, 2010-07-11 at 18:25 -0700, Howard Chu wrote:
> Howard Chu wrote:
> > Andrew Bartlett wrote:
> >> On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote:
> >>> Andrew Bartlett wrote:
> >>>> What is the best way to get OpenLDAP to understand it needs to match on
> >>>> and follow references to the DN part of these values?
> >>>
> >>> Good question. So far the only way to get DN semantics is by using
> >>> distinguishedName syntax. In a few places we've also special-cased recognition
> >>> of NameAndOptionalUID syntax, but that's not universal. I suppose, if you can
> >>> shoehorn your extra blobs into the UID portion, you can use that syntax and we
> >>> can figure out where else it needs to be accepted.
> >>
> >> Looking over the definition of NameAndOptionalUID, shoehorn would
> >> certainly be the correct expression...  But yes, it looks to me like I
> >> just need to convert every binary or string element into a bitstring of
> >> it's bits.
> >
> > Yeah, bitstrings are a PITA. The better way might be to just define a new
> > syntax and matching rules that stores exactly what you want. We can define a
> > new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those
> > places that were hardcoded to look for DN syntax to use this flag instead.
> The other places that are interesting in this regard are in the ACL engine and 
> anything that uses librewrite. Rewrites are trickier because the rewrite code 
> needs to be able to isolate just the DN portion for rewriting, and preserve 
> any other blob attached to an attribute.

So, how do I define a new syntax for this?

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list