[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Extensible Match Filters

To: "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.org>
Subject: RE: Extensible Match Filters
From: "Steven Legg" <steven.legg@adacel.com.au>
Date: Thu, 8 Feb 2001 16:39:27 +1100
Cc: "'Brent Holland'" <brent.holland@openwave.com>, <ietf-ldapbis@OpenLDAP.org>
Importance: Normal
In-reply-to: <5.0.2.1.0.20010207203320.00af3870@router.boolean.net>

Kurt,

> -----Original Message-----
> From: owner-ietf-ldapbis@OpenLDAP.org
> [mailto:owner-ietf-ldapbis@OpenLDAP.org]On Behalf Of Kurt D. Zeilenga
> Sent: Thursday, 8 February 2001 15:54
> To: steven.legg@adacel.com.au
> Cc: 'Brent Holland'; ietf-ldapbis@OpenLDAP.org
> Subject: RE: Extensible Match Filters
> 
> 
> [ldapext trimmed]
> 
> At 03:07 PM 2/8/01 +1100, Steven Legg wrote:
> >I think the real problem Brent was alluding to is the fact 
> that the ABNF
> >for <extensible> in RFC 2254 only allows the thing after the 
> `=' to be
> >an AttributeValue, whereas it should be an AssertionValue.
> 
> Actually, the root of the problem is that the RFC 2254 copy of the
> ASN.1 is incorrect!
> 
> RFC 2254:
>         AttributeValueAssertion ::= SEQUENCE {
>                 attributeDesc   AttributeDescription,
>                 attributeValue  AttributeValue
>         }
> 
> should be as in RFC 2251, 4.1.7:
>         AttributeValueAssertion ::= SEQUENCE {
>                 attributeDesc   AttributeDescription,
>                 assertionValue  AssertionValue }
> 
> 
> then:
>    The AttributeValue and AssertionValue OCTET STRING have the form
>    defined in [2].
> 
> need not refer to AttributeValue.
> 
> And, the ABNF should be:
>        value      = AttributeValue from Section 4.1.6 of [1]
> 
> should be:
>        value      = AssertionValue from Section 4.1.7 of [1]
> 
> That, I think, should fix this problem.

That depends on what you think goes in the SubstringFilter. According
to RFC 2251 the initial, any and final components are LDAPString. The
corresponding fields in X.511 are equivalent to AttributeValue, though
it would make more sense if they were AssertionValue instead.

If the intent is to be compatible with X.500 filters, the LDAPStrings
in the SubstringFilter should be regarded as AttributeValues. In this
case <value> in section 4 of RFC 2254 should remain as is and the
<extensible> and <simple> productions should be changed to:

    simple     = attr filtertype assertion-value

    extensible = attr [":dn"] [":" matchingrule] ":=" assertion-value
                 / [":dn"] ":" matchingrule ":=" assertion-value

    assertion-value = AssertionValue from Section 4.1.7 of [1]

Regards,
Steven

> 
>         Kurt
> 
>

Follow-Ups:
- RE: Extensible Match Filters
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- RE: Extensible Match Filters
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: RE: Extensible Match Filters
Next by Date: ;binary in extensible filters without attr
Index(es):
- Chronological
- Thread