How to best handle DN+String and DN+Binary in OL?

Andrew Bartlett abartlet at
Mon Jul 12 05:09:27 MDT 2010

On Mon, 2010-07-12 at 11:28 +0200, Hallvard B Furuseth wrote:
> Andrew Bartlett writes:
> > Looking over the definition of NameAndOptionalUID, shoehorn would
> > certainly be the correct expression...
> Worse, check its usual matching rule uniqueMemberMatch: Noncommutative
> in X.520, pre-rfc4517 LDAP, and optionally in RFC 4517 implementations.
> Then filter "(uniqueMember=cn=foo)" matches "cn=foo#<any bitstring>" as
> well as "cn=foo", but not vice versa: "(uniqueMember=cn=foo#'10'B)" does
> not match "cn=foo".  Unless I got that backwards, i don't remember.

That's exactly the same semantics as DN+binary and DN+string, so it
would work for me. 

> So yeah, I'd say you need a new syntax or at least a new matching rule.
> Or revitalization of the Component Matching stuff, but I'm not
> volunteering...

:-)  I don't think I'll need that fortunately. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list