[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] syntax or matching rule flaw in RFC 3045

To: "Jim Sermersheim" <jimse@novell.com>
Subject: Re: [ldapext] syntax or matching rule flaw in RFC 3045
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 22 Sep 2004 16:20:46 -0700
Cc: ldapext@ietf.org
In-reply-to: <s151841a.049@sinclair.provo.novell.com>
References: <s151841a.049@sinclair.provo.novell.com>

At 12:54 PM 9/22/2004, Jim Sermersheim wrote:
>We were looking at implementing this and someone noticed that the syntax
>for the attributes is Directory String (1.3.6.1.4.1.1466.115.121.1.15)
>while the EQUALITY rule is caseExactIA5Match 
>(1.3.6.1.4.1.1466.109.114.1).

Yikes.  This means that only assertion values in AVAs
involving this attribute type are restricted to IA5.
I do not believe that was intended.

>I assume the author was at one point using the IA5 String syntax and
>changed to Directory String but forgot to change the EQUALITY rule (the
>author doesn't work at Novell anymore or I'd ask him).

Last minute (and incomplete) internationalization perhaps.

>We should probably update the RFC.

Seems appropriate.

>Do other vendors who have implemented this use
>a caseExactMatch (2.5.13.5) for the EQUALITY?

Current OpenLDAP code is using caseExactMatch as
these attributes equality matching rule.

Kurt


>Thanks,
>
>Jim
>
>_______________________________________________
>Ldapext mailing list
>Ldapext@ietf.org
>https://www1.ietf.org/mailman/listinfo/ldapext


_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

References:
- [ldapext] syntax or matching rule flaw in RFC 3045
  - From: "Jim Sermersheim" <jimse@novell.com>

Prev by Date: [ldapext] when is manageDsaIT needed for the root DSE?
Next by Date: Re: [ldapext] when is manageDsaIT needed for the root DSE?
Index(es):
- Chronological
- Thread