
Re: commit: ldap/servers/slapd filterentry.c schema_init.c



Hallvard B Furuseth wrote:

Pierangelo Masarati writes:


kurt@OpenLDAP.org wrote:


Update uniqueMemberMatch to be consistent with latest
draft-ietf-ldapbis-syntaxes
Add uniqueMemberMatch approximate support
Add uniqueMemberMatch indexing support


As a consequence of this change, test026 is failing when the server is
searched with "(uniqueMember=dc=example,dc=com)", i.e. the asserted
value is missing the bitString portion. Since this option appears to be
absent from draft-ietf-ldapbis-syntaxes, i.e. there's no mention of the
possibility of having the asserted value without the bitString portion,



Yes there is. Section 4.2.31 (uniqueMemberMatch) says:

  The rule evaluates to TRUE if and only if (...) and either, the
  <BitString> component is absent from both the attribute value and
  assertion value, or (...)

If you find that somewhat complex sentence ambiguous or too hard to
parse, maybe you should suggest a better wording to
ietf-ldapbis@openldap.org.



if my interpretation is correct the test is malformed and should be
removed, since it seems to imply that an absent bitString is equivalent
to a bitstring of "#'0'B".



I don't see how you get that from the draft. Also note that a bit
string is just that - a bit string, not a representation of an integer.
So if anything #''B would be a more natural "default".


I'm not getting this at all from the draft, but rather from the code. That's what the code was doing so far. Now I agree after Kurt's changes it looks much more consistent with the draft.

I was looking at an old version of the draft. After reading the most recent (-10, AFAIK) I think the wording is very clear: it says that to have a match, given a value and an asserted value, the DN parts must match and either the bitstring is absent from both, or the bitstrings match according to the bitString matching rule. As such, if the value has the bitstring and the asserted value doesn't, it is my understanding that the result of the match is undefined, unless a missing bitString part is treated as an empty bitString (i.e. a bitString of '', which is equivalent to any amount of '0's).

p.


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497