[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to best handle DN+String and DN+Binary in OL?



masarati@aero.polimi.it wrote:
Howard Chu wrote:
Andrew Bartlett wrote:
On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote:
Andrew Bartlett wrote:
What is the best way to get OpenLDAP to understand it needs to match
on
and follow references to the DN part of these values?

Good question. So far the only way to get DN semantics is by using
distinguishedName syntax. In a few places we've also special-cased
recognition
of NameAndOptionalUID syntax, but that's not universal. I suppose, if
you can
shoehorn your extra blobs into the UID portion, you can use that
syntax and we
can figure out where else it needs to be accepted.

Looking over the definition of NameAndOptionalUID, shoehorn would
certainly be the correct expression...  But yes, it looks to me like I
just need to convert every binary or string element into a bitstring of
it's bits.

Yeah, bitstrings are a PITA. The better way might be to just define a
new
syntax and matching rules that stores exactly what you want. We can
define a
new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those
places that were hardcoded to look for DN syntax to use this flag
instead.

The other places that are interesting in this regard are in the ACL engine
and
anything that uses librewrite. Rewrites are trickier because the rewrite
code
needs to be able to isolate just the DN portion for rewriting, and
preserve
any other blob attached to an attribute.

This would probably be the caller's business; for example, slapo-rwm and
back-meta where DN-valued (or SLAP_SYNTAX_DN_LIKE-valued) attributes are
rewritten.  Probably, each syntax normalizer's duty would be to isolate
the DN portion and feed it to dnNormalize().

Yes, but that's only part of it. We also need to back that into the Pretty'd value without losing the blob.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/