How to best handle DN+String and DN+Binary in OL?

Howard Chu hyc at
Sun Jul 11 23:14:31 MDT 2010

masarati at wrote:
>> Howard Chu wrote:
>>> Andrew Bartlett wrote:
>>>> On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote:
>>>>> Andrew Bartlett wrote:
>>>>>> What is the best way to get OpenLDAP to understand it needs to match
>>>>>> on
>>>>>> and follow references to the DN part of these values?
>>>>> Good question. So far the only way to get DN semantics is by using
>>>>> distinguishedName syntax. In a few places we've also special-cased
>>>>> recognition
>>>>> of NameAndOptionalUID syntax, but that's not universal. I suppose, if
>>>>> you can
>>>>> shoehorn your extra blobs into the UID portion, you can use that
>>>>> syntax and we
>>>>> can figure out where else it needs to be accepted.
>>>> Looking over the definition of NameAndOptionalUID, shoehorn would
>>>> certainly be the correct expression...  But yes, it looks to me like I
>>>> just need to convert every binary or string element into a bitstring of
>>>> it's bits.
>>> Yeah, bitstrings are a PITA. The better way might be to just define a
>>> new
>>> syntax and matching rules that stores exactly what you want. We can
>>> define a
>>> new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those
>>> places that were hardcoded to look for DN syntax to use this flag
>>> instead.
>> The other places that are interesting in this regard are in the ACL engine
>> and
>> anything that uses librewrite. Rewrites are trickier because the rewrite
>> code
>> needs to be able to isolate just the DN portion for rewriting, and
>> preserve
>> any other blob attached to an attribute.
> This would probably be the caller's business; for example, slapo-rwm and
> back-meta where DN-valued (or SLAP_SYNTAX_DN_LIKE-valued) attributes are
> rewritten.  Probably, each syntax normalizer's duty would be to isolate
> the DN portion and feed it to dnNormalize().

Yes, but that's only part of it. We also need to back that into the Pretty'd 
value without losing the blob.

   -- Howard Chu
   CTO, Symas Corp. 
   Director, Highland Sun
   Chief Architect, OpenLDAP

More information about the samba-technical mailing list