How to best handle DN+String and DN+Binary in OL?
hyc at symas.com
Sun Jul 11 23:14:31 MDT 2010
masarati at aero.polimi.it wrote:
>> Howard Chu wrote:
>>> Andrew Bartlett wrote:
>>>> On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote:
>>>>> Andrew Bartlett wrote:
>>>>>> What is the best way to get OpenLDAP to understand it needs to match
>>>>>> and follow references to the DN part of these values?
>>>>> Good question. So far the only way to get DN semantics is by using
>>>>> distinguishedName syntax. In a few places we've also special-cased
>>>>> of NameAndOptionalUID syntax, but that's not universal. I suppose, if
>>>>> you can
>>>>> shoehorn your extra blobs into the UID portion, you can use that
>>>>> syntax and we
>>>>> can figure out where else it needs to be accepted.
>>>> Looking over the definition of NameAndOptionalUID, shoehorn would
>>>> certainly be the correct expression... But yes, it looks to me like I
>>>> just need to convert every binary or string element into a bitstring of
>>>> it's bits.
>>> Yeah, bitstrings are a PITA. The better way might be to just define a
>>> syntax and matching rules that stores exactly what you want. We can
>>> define a
>>> new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those
>>> places that were hardcoded to look for DN syntax to use this flag
>> The other places that are interesting in this regard are in the ACL engine
>> anything that uses librewrite. Rewrites are trickier because the rewrite
>> needs to be able to isolate just the DN portion for rewriting, and
>> any other blob attached to an attribute.
> This would probably be the caller's business; for example, slapo-rwm and
> back-meta where DN-valued (or SLAP_SYNTAX_DN_LIKE-valued) attributes are
> rewritten. Probably, each syntax normalizer's duty would be to isolate
> the DN portion and feed it to dnNormalize().
Yes, but that's only part of it. We also need to back that into the Pretty'd
value without losing the blob.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the samba-technical