How to best handle DN+String and DN+Binary in OL?
Hallvard B Furuseth
h.b.furuseth at usit.uio.no
Mon Jul 12 03:28:51 MDT 2010
Andrew Bartlett writes:
> Looking over the definition of NameAndOptionalUID, shoehorn would
> certainly be the correct expression...
Worse, check its usual matching rule uniqueMemberMatch: Noncommutative
in X.520, pre-rfc4517 LDAP, and optionally in RFC 4517 implementations.
Then filter "(uniqueMember=cn=foo)" matches "cn=foo#<any bitstring>" as
well as "cn=foo", but not vice versa: "(uniqueMember=cn=foo#'10'B)" does
not match "cn=foo". Unless I got that backwards, i don't remember.
So yeah, I'd say you need a new syntax or at least a new matching rule.
Or revitalization of the Component Matching stuff, but I'm not
volunteering...
--
Hallvard
More information about the samba-technical
mailing list