
Re: Migrating from iPlanet, 'binary' issues



>>Is there a list of the other syntaxes that do not allow, or require the
>>";binary" transfer option?

> Yes, in schema_init.c, everything marked SLAP_SYNTAX_BINARY requires
> ;binary to be present and everything which isn't so marked requires ;binary
> to be absent.

If I understand you correctly, "allow"=="require" if the
SLAP_SYNTAX_BINARY flag is set?

I tried the ";binary" transfer option with something that is not defined
with the SLAP_SYNTAX_BINARY flag ("mail" attribute), and it did fail.

In the previous message you sent me you said "The technical specification,
technically speaking, allows ;binary to be used with any syntax but only
mandates its use with a few (namely, the X.509 certificate syntaxes)." Is
this a bug, or just where OpenLDAP parts from the RFC (assuming your
comment came from an RFC)? Shouldn't I be able to send a string that is
BER encoded?

Here is my difficulty - I have an attribute that is BER encoded. There
will never be a syntax to actually verify if the BER blob is what I say it
is (as I am never going to code it up). It is technically a CMS/PKCS#7
EncryptedData object. Following iPlanet's lead, it would be a binary
syntax, transferred with the ";binary" option. This is what we do today.

Unless there is a syntax for CMS objects, I can do one of the following:

1) change the transfer option to send it without ";binary" (this shouldn't
cause an issue with iPlanet since they truly don't care), and keep the
binary (BER) syntax in my schema

2) Use a different syntax that is BER encoded and requires the ";binary"
transfer option (I hate to say it, but the certificate syntax works - but
presumably some day one could code up syntax checking to see that the
value we are sending is indeed not a valid certificate)

Any suggestions?

Thanks,
-lon
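
The message above notes that no server-side syntax will check that the BER blob really is CMS EncryptedData. As an added example (not part of the original message, and not OpenLDAP or iPlanet code), a client could run a structural check before writing the value; it does no decryption and does not validate the inner fields. It assumes the value is wrapped in a CMS ContentInfo, and the function names and the sample bytes are constructed for illustration.

```python
ID_ENCRYPTED_DATA = "1.2.840.113549.1.7.6"  # id-encryptedData (RFC 5652)
# Constructed sample: ContentInfo{OID, [0]{SEQUENCE{INTEGER 0}}}; inner part abbreviated.
SAMPLE = bytes.fromhex("301206092a864886f70d010706a0053003020100")

def read_header(buf, pos):
    # Returns (tag, length, body_start); length is None for BER indefinite form.
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or unsupported high-tag-number form")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first                      # short definite form
    elif first == 0x80:
        length = None                       # indefinite form (legal in BER, not DER)
    else:
        n = first & 0x7F                    # long definite form: n length octets
        if n > 4 or pos + n > len(buf):
            raise ValueError("bad length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length is not None and pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, length, pos

def decode_oid(body):
    # Base-128 arcs; the first octet group packs the first two arcs as 40*a + b.
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def is_cms_encrypted_data(blob):
    try:
        tag, length, pos = read_header(blob, 0)
        if tag != 0x30 or length not in (None, len(blob) - pos):
            return False  # not a SEQUENCE, or trailing bytes after it
        tag, length, pos = read_header(blob, pos)
        if tag != 0x06 or length is None:
            return False  # contentType must be a definite-length OID
        oid_ok = decode_oid(blob[pos:pos + length]) == ID_ENCRYPTED_DATA
        return oid_ok and read_header(blob, pos + length)[0] == 0xA0  # content [0]
    except ValueError:
        return False
```

A value that passes this check is only shaped like ContentInfo with the encryptedData content type; a certificate or a plain string fails at the second header.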