How to best handle DN+String and DN+Binary in OL?
abartlet at samba.org
Mon Jul 12 05:09:27 MDT 2010
On Mon, 2010-07-12 at 11:28 +0200, Hallvard B Furuseth wrote:
> Andrew Bartlett writes:
> > Looking over the definition of NameAndOptionalUID, shoehorn would
> > certainly be the correct expression...
> Worse, check its usual matching rule uniqueMemberMatch: Noncommutative
> in X.520, pre-rfc4517 LDAP, and optionally in RFC 4517 implementations.
> Then filter "(uniqueMember=cn=foo)" matches "cn=foo#<any bitstring>" as
> well as "cn=foo", but not vice versa: "(uniqueMember=cn=foo#'10'B)" does
> not match "cn=foo". Unless I got that backwards, i don't remember.
That's exactly the same semantics as DN+binary and DN+string, so it
would work for me.
> So yeah, I'd say you need a new syntax or at least a new matching rule.
> Or revitalization of the Component Matching stuff, but I'm not
:-) I don't think I'll need that fortunately.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 190 bytes
Desc: This is a digitally signed message part
More information about the samba-technical