[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: absent matchingRule (was Re: protocol-27 comments #3)

To: Jim Sermersheim <jimse@novell.com>
Subject: Re: absent matchingRule (was Re: protocol-27 comments #3)
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Mon, 8 Nov 2004 21:31:39 +0100
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <s18f722c.030@sinclair.provo.novell.com>
References: <s18f722c.030@sinclair.provo.novell.com>

Jim Sermersheim writes:
>>>> Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 11/8/04 5:59:28 AM
>>> If the matchingRule field is absent, the type field MUST be
>>> present, and an equality match is performed for that type.
>>
>>Which means just (:dn:=foo) is not allowed. Maybe the draft should
>>suggest that one can use (1.1:dn:=foo).
>  
> Well, what does (1.1:dn:=foo) mean? I think it means that this filter
> will always evaluate to undefined.

Looking at the description of dnAttributes under extensibleMatch in
4.5.1. Search Request, it returns TRUE if a DN attribute matches foo -
regardless of Undefined or False from the rest of the filter.  Though
maybe I'm just getting lost here - at the moment I can't see where the
draft says that matching an unknown attribute type returns Undefined,
and certainly not where it says that this overrides the dnAttributes
description.

>> Also, is it an error to violate this "MUST"? Most other invalid
>> filters just return Undefined.
>  
> My read is that this is a protocol violations (and other protocol
> violations in filters are not evaluated to undefiened, they return
> protocolError)

OK.  In that case I have a problem with the MUSTs for search requests
that it is not a protocol violation to violate, but I think we've been
there before.

-- 
Hallvard

Prev by Date: absent matchingRule (was Re: protocol-27 comments #3)
Next by Date: SearchResultReference examples (was Re: protocol-27 comments #3)
Index(es):
- Chronological
- Thread