On Sun, 2010-07-11 at 18:25 -0700, Howard Chu wrote: > Howard Chu wrote: > > Andrew Bartlett wrote: > >> On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote: > >>> Andrew Bartlett wrote: > >>>> What is the best way to get OpenLDAP to understand it needs to match on > >>>> and follow references to the DN part of these values? > >>> > >>> Good question. So far the only way to get DN semantics is by using > >>> distinguishedName syntax. In a few places we've also special-cased recognition > >>> of NameAndOptionalUID syntax, but that's not universal. I suppose, if you can > >>> shoehorn your extra blobs into the UID portion, you can use that syntax and we > >>> can figure out where else it needs to be accepted. > >> > >> Looking over the definition of NameAndOptionalUID, shoehorn would > >> certainly be the correct expression... But yes, it looks to me like I > >> just need to convert every binary or string element into a bitstring of > >> it's bits. > > > > Yeah, bitstrings are a PITA. The better way might be to just define a new > > syntax and matching rules that stores exactly what you want. We can define a > > new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those > > places that were hardcoded to look for DN syntax to use this flag instead. > > The other places that are interesting in this regard are in the ACL engine and > anything that uses librewrite. Rewrites are trickier because the rewrite code > needs to be able to isolate just the DN portion for rewriting, and preserve > any other blob attached to an attribute. So, how do I define a new syntax for this? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc.
Attachment:
signature.asc
Description: This is a digitally signed message part