How to best handle DN+String and DN+Binary in OL?

masarati at masarati at
Sun Jul 11 23:02:27 MDT 2010

> Howard Chu wrote:
>> Andrew Bartlett wrote:
>>> On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote:
>>>> Andrew Bartlett wrote:
>>>>> What is the best way to get OpenLDAP to understand it needs to match on
>>>>> and follow references to the DN part of these values?
>>>> Good question. So far the only way to get DN semantics is by using
>>>> distinguishedName syntax. In a few places we've also special-cased
>>>> recognition of NameAndOptionalUID syntax, but that's not universal. I
>>>> suppose, if you can shoehorn your extra blobs into the UID portion, you
>>>> can use that syntax and we can figure out where else it needs to be
>>>> accepted.
>>> Looking over the definition of NameAndOptionalUID, shoehorn would
>>> certainly be the correct expression...  But yes, it looks to me like I
>>> just need to convert every binary or string element into a bitstring of
>>> its bits.
>> Yeah, bitstrings are a PITA. The better way might be to just define a new
>> syntax and matching rules that stores exactly what you want. We can define
>> a new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those
>> places that were hardcoded to look for DN syntax to use this flag instead.
> The other places that are interesting in this regard are in the ACL engine
> and anything that uses librewrite. Rewrites are trickier because the rewrite
> code needs to be able to isolate just the DN portion for rewriting, and
> preserve any other blob attached to an attribute.

This would probably be the caller's business; for example, slapo-rwm and
back-meta where DN-valued (or SLAP_SYNTAX_DN_LIKE-valued) attributes are
rewritten.  Probably, each syntax normalizer's duty would be to isolate
the DN portion and feed it to dnNormalize().
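
Added illustration, not code from this thread or from OpenLDAP: a sketch of the "isolate the DN portion" step for a DN+Binary or DN+String value, leaving the isolated DN ready for the caller to pass to dnNormalize(). The `B:<count>:<hex>:<DN>` / `S:<count>:<string>:<DN>` text layout is assumed from Active Directory's string representation, and `struct dn_like` and `split_dn_like()` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed layout (Active Directory string form; not given in the thread):
 *   DN+Binary  B:<count>:<hex digits>:<DN>
 *   DN+String  S:<count>:<string>:<DN>
 * <count> is the character length of the middle field. */
struct dn_like {            /* hypothetical type, not an OpenLDAP structure */
    char        kind;       /* 'B' or 'S' */
    const char *blob;       /* middle field, points into the input */
    size_t      blob_len;
    const char *dn;         /* DN portion: what a normalizer would hand on */
};

/* Split val into blob and DN. Returns 0 on success, -1 if malformed. */
int split_dn_like(const char *val, struct dn_like *out)
{
    char *p;
    unsigned long n, i;
    if (!val || (val[0] != 'B' && val[0] != 'S') || val[1] != ':' ||
        !isdigit((unsigned char)val[2]))    /* count: no sign, space, empty */
        return -1;
    n = strtoul(val + 2, &p, 10);
    if (*p++ != ':')
        return -1;
    /* Trust the count, not the next ':'; a DN+String blob may contain ':'.
     * The count must leave room for the separator before the DN. */
    if (n >= strlen(p) || p[n] != ':')
        return -1;
    if (val[0] == 'B' && n % 2)             /* binary blob: whole hex octets */
        return -1;
    for (i = 0; val[0] == 'B' && i < n; i++)
        if (!isxdigit((unsigned char)p[i]))
            return -1;
    out->kind = val[0];
    out->blob = p;
    out->blob_len = n;
    out->dn = p + n + 1;
    return 0;
}

int main(void)
{
    struct dn_like v;       /* constructed sample: the blob contains ':' */
    if (split_dn_like("S:5:a:b:c:cn=admin,dc=example,dc=com", &v) == 0)
        printf("%c blob=%.*s dn=%s\n", v.kind, (int)v.blob_len, v.blob, v.dn);
    return 0;
}
```

Splitting on the declared count rather than on the first colon matters for the ACL case raised above: the string part can itself contain `:` and text that looks like a DN, and only the real DN portion should reach DN matching.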



More information about the samba-technical mailing list