
Re: rdnMatch / RDN support (ITS#3207)



At 01:33 AM 6/28/2004, ando@sys-net.it wrote:

>> Full_Name: Sang-Seok Lim
>> Version: HEAD
>> OS: RedHat9
>> URL: ftp://ftp.openldap.org/incoming/rdn.diff
>> Submission from: (NULL) (129.34.20.23)
>>
>>
>> This patch provides support for the rdnMatch matching rule and the RDN
>> syntax as defined in RFC 3687 (Lightweight Directory Access Protocol
>> (LDAP) and X.500 Component Matching Rules). The component matching for
>> RDN is yet to be implemented. Only the definitions of the matching rule,
>> the syntax, and the related functions are provided in this patch.
>
>It is unclear (to me, of course) how, according to RFC 3687, this rule
>could be used to match portions of a DN.

I thought so too, but after reading 3687 more carefully I found
my error.  The assertion and attribute syntax for this rule is
RDN, not DN.  

>I expect that the rdnMatch rule
>would allow filters like "(seeAlso:rdnMatch:=cn=All Staff)" in the test
>suite to match those entries whose seeAlso attribute contains "cn=All
>Staff,ou=Groups,dc=example,dc=com".

That would be more like a rdnLastComponentMatch or something.

>In order to do so, I had to do some
>hacking to slapd; I'll post a patch later, when I regain access to my
>laptop, with my weekend homeworks :), if anyone can confirm my
>expectations.

rdnMatch is intended to be used with the componentFilterMatch rule
to select the component of the DN, e.g.,
        (seeAlso:componentFilterMatch:=item:{ component "-1",
                rule rdnMatch, value "cn=All Staff" }) 

>Also, it is not clear (to me, again) if RFC 3687, when referring to RDN,
>indicates the LAST rdn (i.e. the leftmost), or ANY rdn inside a DN.

The component field of the componentFilterMatch does this...
See Section 7 of RFC 3687 for examples.

Kurt
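
The component selection discussed in this thread, as an added example that is not part of the original message or of the OpenLDAP patch: a Python sketch of how a componentFilterMatch `component` reference picks an RDN out of a DN before rdnMatch is applied. It assumes component references count RDNs in ASN.1 RDNSequence order (root first, the reverse of the LDAP string form), and it simplifies rdnMatch to a case-insensitive, whitespace-folded comparison of attribute/value pairs; all function names are hypothetical.

```python
def split_unescaped(s, sep):
    """Split s on sep, leaving backslash-escaped separators inside values."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    parts.append(cur)
    return parts

def parse_rdn(text):
    """Normalize an RDN to a frozenset of (type, value) pairs.
    Assumption: values compare case-insensitively with folded whitespace;
    a real rdnMatch uses each attribute type's own equality rule."""
    avas = set()
    for ava in split_unescaped(text, "+"):      # '+' joins a multi-valued RDN
        atype, _, value = ava.partition("=")
        avas.add((atype.strip().lower(), " ".join(value.split()).lower()))
    return frozenset(avas)

def rdn_sequence(dn):
    """RDNs in RDNSequence order: root first, so the LDAP string is reversed."""
    if not dn.strip():
        return []
    return [parse_rdn(r) for r in reversed(split_unescaped(dn, ","))]

def component_rdn_match(dn, component, assertion):
    """Apply the simplified rdnMatch to the RDN(s) selected by component:
    "N" counts from the start, "-N" from the end, "*" selects every RDN."""
    seq, want = rdn_sequence(dn), parse_rdn(assertion)
    if component == "*":
        return any(rdn == want for rdn in seq)
    n = int(component)
    if n == 0 or abs(n) > len(seq):             # "0" is the count, not an RDN
        return False
    return seq[n - 1 if n > 0 else n] == want

# The DN quoted in the thread.
DN = "cn=All Staff,ou=Groups,dc=example,dc=com"

if __name__ == "__main__":
    for comp, rdn in [("-1", "cn=All Staff"), ("1", "dc=com"), ("*", "ou=Groups")]:
        print(comp, rdn, component_rdn_match(DN, comp, rdn))
```

Under these assumptions, `component "-1"` selects the leftmost RDN of the string form, so the filter above matches a seeAlso value of "cn=All Staff,ou=Groups,dc=example,dc=com".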