On Mon, 2010-07-12 at 11:28 +0200, Hallvard B Furuseth wrote: > Andrew Bartlett writes: > > Looking over the definition of NameAndOptionalUID, shoehorn would > > certainly be the correct expression... > > Worse, check its usual matching rule uniqueMemberMatch: Noncommutative > in X.520, pre-rfc4517 LDAP, and optionally in RFC 4517 implementations. > Then filter "(uniqueMember=cn=foo)" matches "cn=foo#<any bitstring>" as > well as "cn=foo", but not vice versa: "(uniqueMember=cn=foo#'10'B)" does > not match "cn=foo". Unless I got that backwards, i don't remember. That's exactly the same semantics as DN+binary and DN+string, so it would work for me. > So yeah, I'd say you need a new syntax or at least a new matching rule. > Or revitalization of the Component Matching stuff, but I'm not > volunteering... :-) I don't think I'll need that fortunately. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc.
Attachment:
signature.asc
Description: This is a digitally signed message part