[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Returning Matched Values with LDAPv3

To: <david.a.cahlander@syntegra.com>, <ietf-ldapext@netscape.com>
Subject: RE: Returning Matched Values with LDAPv3
From: "Steven Legg" <steven.legg@adacel.com.au>
Date: Wed, 18 Oct 2000 16:25:22 +1100
Cc: <d.w.chadwick@salford.ac.uk>
Importance: Normal
In-reply-to: <iss.8fb.39ec9e14.df97d.1@wally.udev.cdc.com>

David,

> -----Original Message-----
> From: david.a.cahlander@syntegra.com
> [mailto:david.a.cahlander@syntegra.com]
> Sent: Wednesday, 18 October 2000 5:45
> To: ietf-ldapext@netscape.com
> Subject: Returning Matched Values with LDAPv3
> 
> 
> In reference to
> 
> 	
> http://www.ietf.org/internet-drafts/draft-ietf-ldapext-matched
> val-04.txt
> 
> I don't understand the filter used in example (3):
> 
>     ValuesReturnFilter control is set to 
> (userCertificate:2.5.13.35:=USE'001'B)

The assertion syntax here is actually incorrect.
The filter should read:

(userCertificate:2.5.13.35:=( USE '001'B ))

> 	
> Some reference to a source of "string to filter" for
> 
> 	USE'001'B
> 
> would help.

It is an encoding of a <CertificateAssertion> defined in Section 3.2 of
http://www.ietf.org/internet-drafts/draft-ietf-pkix-ldap-schema-01.txt,
which example (3) already references.
 
> 
> It is not clear from the description if example (2) could 
> return the result
> on the basis of the name 'gunk' instead of on the basis of the OID.
> 
> Does the substring filter capability allow a filter of the form:
> 
> 	(attributeTypes=*'gunk'*)
> 
> If I knew the OID number of "gunk", the entire 
> "attributeTypes" attribute of
> the schema entry has probably been read, and I don't need the 
> LDAP extension
> to read it.
> 
> An example to retrieve an "objectClasses" attribute would 
> help.  I assume
> that this could be:
> 
> 	(objectClasses:NAME:=inetOrgPerson)
> 
> Is that correct? Would the filter
> 
> 	(objectClasses=*'inetOrgPerson'*)
> 
> work to get this string?

Kurt has already pointed out that substring matching on attributeTypes
or objectClasses is undefined. However matching attributeTypes or
objectClasses values by name is something that is supported by
the component matching rules draft that I've nearly finished writing up.
The filters in this case would look like:

	(attributeTypes:componentFilterMatch:=item:{ component "name.*",
		rule caseIgnoreMatch, value "gunk" })

	(objectClasses:componentFilterMatch:=item:{ component "name.*",
		rule caseIgnoreMatch, value "inetOrgPerson" })

They could be used in a search filter or a ValuesReturnFilter.

Regards,
Steven

> 
> Thanks.
> -- 
> David A. Cahlander  651-415-3171 Syntegra 
> David.A.Cahlander@Syntegra.com
> 
>

References:
- Returning Matched Values with LDAPv3
  - From: david.a.cahlander@syntegra.com

Prev by Date: ADV - 10 MILLION ADDRESSES CHEAP!
Next by Date: Matched values: valuesReturnFilter string representation
Index(es):
- Chronological
- Thread