How to best handle DN+String and DN+Binary in OL?

Howard Chu hyc at symas.com
Sun Jul 11 23:14:31 MDT 2010


masarati at aero.polimi.it wrote:
>> Howard Chu wrote:
>>> Andrew Bartlett wrote:
>>>> On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote:
>>>>> Andrew Bartlett wrote:
>>>>>> What is the best way to get OpenLDAP to understand it needs to match
>>>>>> on
>>>>>> and follow references to the DN part of these values?
>>>>>
>>>>> Good question. So far the only way to get DN semantics is by using
>>>>> distinguishedName syntax. In a few places we've also special-cased
>>>>> recognition
>>>>> of NameAndOptionalUID syntax, but that's not universal. I suppose, if
>>>>> you can
>>>>> shoehorn your extra blobs into the UID portion, you can use that
>>>>> syntax and we
>>>>> can figure out where else it needs to be accepted.
>>>>
>>>> Looking over the definition of NameAndOptionalUID, shoehorn would
>>>> certainly be the correct expression...  But yes, it looks to me like I
>>>> just need to convert every binary or string element into a bitstring of
>>>> its bits.
>>>
>>> Yeah, bitstrings are a PITA. The better way might be to just define a
>>> new
>>> syntax and matching rules that stores exactly what you want. We can
>>> define a
>>> new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those
>>> places that were hardcoded to look for DN syntax to use this flag
>>> instead.
>>
>> The other places that are interesting in this regard are in the ACL engine
>> and
>> anything that uses librewrite. Rewrites are trickier because the rewrite
>> code
>> needs to be able to isolate just the DN portion for rewriting, and
>> preserve
>> any other blob attached to an attribute.
>
> This would probably be the caller's business; for example, slapo-rwm and
> back-meta where DN-valued (or SLAP_SYNTAX_DN_LIKE-valued) attributes are
> rewritten.  Probably, each syntax normalizer's duty would be to isolate
> the DN portion and feed it to dnNormalize().

Yes, but that's only part of it. We also need to back that into the Pretty'd 
value without losing the blob.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/


More information about the samba-technical mailing list
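The step discussed in the thread (isolate the DN portion, normalize it, and put it back without losing the blob), as an added example that is not OpenLDAP or Samba code. It assumes the Active Directory string forms `B:<count>:<hex digits>:<DN>` and `S:<count>:<string>:<DN>`, which the thread does not spell out; all function names are hypothetical, and `toy_dn_normalize()` merely lowercases as a stand-in for a real normalizer such as dnNormalize().

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a DN normalizer; returns a malloc'd copy. */
static char *toy_dn_normalize(const char *dn) {
    char *out = malloc(strlen(dn) + 1);
    size_t i;
    if (!out) return NULL;
    for (i = 0; dn[i]; i++) out[i] = (char)tolower((unsigned char)dn[i]);
    out[i] = '\0';
    return out;
}

/* Offset of the DN in "B:<n>:<n hex digits>:<DN>" / "S:<n>:<n chars>:<DN>"
 * (assumed format), or -1. Uses the count, so ':' in the blob is harmless. */
static long dn_offset(const char *val) {
    size_t len = strlen(val), blob, i;
    unsigned long n;
    char *end;
    if ((val[0] != 'B' && val[0] != 'S') || val[1] != ':') return -1;
    if (!isdigit((unsigned char)val[2])) return -1;
    n = strtoul(val + 2, &end, 10);
    if (*end != ':') return -1;
    blob = (size_t)(end - val) + 1;            /* index of first blob byte */
    /* compare before adding, so a huge count cannot overflow the index */
    if (n >= len - blob || val[blob + n] != ':') return -1;
    for (i = 0; val[0] == 'B' && i < n; i++)
        if (!isxdigit((unsigned char)val[blob + i])) return -1;
    return (long)(blob + n + 1);
}

/* Normalize only the DN; copy the "X:<n>:<blob>:" prefix byte-for-byte. */
static char *normalize_dn_like(const char *val) {
    long off = dn_offset(val);
    char *ndn, *out;
    if (off < 0 || !(ndn = toy_dn_normalize(val + off))) return NULL;
    out = malloc((size_t)off + strlen(ndn) + 1);
    if (out) sprintf(out, "%.*s%s", (int)off, val, ndn);
    free(ndn);
    return out;
}

int main(void) {
    char *v = normalize_dn_like("S:3:a:B:CN=Foo,DC=Example"); /* constructed */
    if (v) puts(v);
    free(v);
    return 0;
}
```

Splitting on the first colons instead of honouring the count would misplace the DN boundary for the constructed value in `main()`, whose string part itself contains a colon.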