[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Match rule to dereference pointers
Ryan et al
I have been reading your ID and trying to puzzle out your schema
and syntax, and how it fits in with the existing LDAPv3 specs. I cant
quite make it all fit together. Here are my problems:
i) Your dereferencingMatch rule has a syntax of ....12, which means
a DN. Hence, according to my understanding, user presented
values must be DNs. But yours do not appear to be, but rather the
user presented values seem to be filters. Therefore you need to
define a new LDAPv3 attribute syntax for filter, and allocate it an
OID. YOu will need to liaise with Mark Wahl about the next available
OID number in the series.
ii) When you use extensibleMatch, then according to RFC 2254 the
first component should be the attribute type to be matched on (first
alternative of two possible ones). Again your examples do not seem
to be an attribute type, but rather they have the string targetDN as
the attribute type. Therefore can I suggest as a minimum that you
define a new dummy attribute type of targetDN and give it an OID,
and give it the appropriate semantics.
Your spec should then be more consistent with the current LDAPv3
specs
Regards
David
***************************************************
David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J
***************************************************