[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4868) Binary Attribute Patch(es)



Additionally, just FYI, it appears that the regular/standard OpenLDAP (at least as of 2.3.32) BDB-based backend returns "userCertificate;binary" just fine (and, actually, all the time, even when requesting "userCertificate").   I would've expected them to behave the same way.

----- Original Message ----
From: Pierangelo Masarati <ando@sys-net.it>
To: Kevin Vargo <vargok@yahoo.com>
Cc: openldap-its@openldap.org
Sent: Wednesday, March 14, 2007 5:05:52 PM
Subject: Re: (ITS#4868) Binary Attribute Patch(es)

Kevin Vargo wrote:
> However, there remains a problem: other LDAP Servers appear to return
> the 'attribute-name' requested (userCertificate;binary::) to describe
> the data.  Now that the data is being returned, it's being returned
> without the ";binary" option -- as 'userCertificate::'.  Per
> ITS#3113, ";binary" is obsoleted?

To be honest, I'm not sure I have ever clearly understood that ";binary"
issue, and I don't have time to dig out the documentation, learn about
it, and check the code, since the whole stuff seems to be obsolete.

> Is there a compatibility mode that can be optioned to support this?

None that I know of.

> Obsoleted and back-wards compatibility being in conflict..... 

I think compatibility with obsolete stuff is something that may easily
get in conflict with open source, volunteer developed software.
Volunteers tend to concentrate scarce resources on important things, and
preserving compatibility with obsolete (often broken) stuff is first of
all a waste of scarce resources, and second, but not least, reduces
pressure on obsolete (broken) software makers, which typically are not
volunteers but actually get paid for (obsolete/broken stuff).  Having
said this, you may find volunteers that, pushed by their own needs like
to spend time supporting obsolete/broken stuff for the simple reason
they need it.

> i.e.
> is there a way to say "return the attribute by name-requested instead
> of schema-name?"

No.  This question has been raised many times, and the answer has always
been like that.  All you could do is hack slap_send_search_entry() in
servers/slapd/result.c.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------






 
____________________________________________________________________________________
Sucker-punch spam with award-winning protection. 
Try the free Yahoo! Mail Beta.
http://advision.webevents.yahoo.com/mailbeta/features_spam.html