How to best handle DN+String and DN+Binary in OL?

Hallvard B Furuseth h.b.furuseth at usit.uio.no
Mon Jul 12 03:28:51 MDT 2010


Andrew Bartlett writes:
> Looking over the definition of NameAndOptionalUID, shoehorn would
> certainly be the correct expression...

Worse, check its usual matching rule uniqueMemberMatch: Noncommutative
in X.520, pre-rfc4517 LDAP, and optionally in RFC 4517 implementations.
Then filter "(uniqueMember=cn=foo)" matches "cn=foo#<any bitstring>" as
well as "cn=foo", but not vice versa: "(uniqueMember=cn=foo#'10'B)" does
not match "cn=foo".  Unless I got that backwards, i don't remember.

So yeah, I'd say you need a new syntax or at least a new matching rule.
Or revitalization of the Component Matching stuff, but I'm not
volunteering...

-- 
Hallvard


More information about the samba-technical mailing list