masarati@aero.polimi.it wrote:
Howard Chu wrote:Andrew Bartlett wrote:On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote:Andrew Bartlett wrote:What is the best way to get OpenLDAP to understand it needs to match on and follow references to the DN part of these values?Good question. So far the only way to get DN semantics is by using distinguishedName syntax. In a few places we've also special-cased recognition of NameAndOptionalUID syntax, but that's not universal. I suppose, if you can shoehorn your extra blobs into the UID portion, you can use that syntax and we can figure out where else it needs to be accepted.Looking over the definition of NameAndOptionalUID, shoehorn would certainly be the correct expression... But yes, it looks to me like I just need to convert every binary or string element into a bitstring of it's bits.Yeah, bitstrings are a PITA. The better way might be to just define a new syntax and matching rules that stores exactly what you want. We can define a new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those places that were hardcoded to look for DN syntax to use this flag instead.The other places that are interesting in this regard are in the ACL engine and anything that uses librewrite. Rewrites are trickier because the rewrite code needs to be able to isolate just the DN portion for rewriting, and preserve any other blob attached to an attribute.This would probably be the caller's business; for example, slapo-rwm and back-meta where DN-valued (or SLAP_SYNTAX_DN_LIKE-valued) attributes are rewritten. Probably, each syntax normalizer's duty would be to isolate the DN portion and feed it to dnNormalize().
Yes, but that's only part of it. We also need to back that into the Pretty'd value without losing the blob.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/