[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: matching rules for directoryString [was: Re: CIM24 schema tweaks]

"Larry S. Bartz" wrote:
> 
> rmoats@coreon.net wrote:
> >
> .[snip]
> > What do you suggest as the
> > equality match?  Based on my reading of the X.500-series and
> > LDAP RFCs the only option for Directory Strings is
> > caseIgnoreMatch, and I'm not at all comfortable with
> > declaring that as the matching rule for a syntax that holds
> > UTF-8 strings.
> [snip]
> >
> 

Larry wrote the following text to justify using caseExactMatch. However,
what he forgot to include (which is even more compelling evidence) is
that X.500 (and LDAPv3) support dynamic allocation of matching rules to
attributes through the use of the MatchingRuleUse schema element.
Therefore in theory all LDAP servers should be able to support caseExact
for directory strings

David


> I'm reading X.501 and X.520 from
> ftp://ftp.bull.com/pub/OSIdirectory/4thEditionTexts/ (hurry for your
> copy). Although these are drafts from the 4th edition of the X.500
> series, it does not appear that the sections which apply to this
> immediate issue are new or different from current/previous documents.
> 
> X.501 requires that the assertion syntax of the matching rule and
> the syntax of attributes to which the matching rule is applied
> must be equivalent. See section 13.5.
> 
> X.520 defines a caseExactMatch rule which applies to directoryString
> attributes. See section 6.1.4.
> 
> Section 8 of RFC2252 does not mention a caseExactMatch rule which
> applies to directoryString attributes. But neither does it appear that
> section 8 was intended to describe the entire universe of allowable
> or appropriate matching rules. Nothing in RFC2252's section 8 precludes
> a Directory implementation from supporting matching rules beyond those
> which are enumerated.
> 
> Section 3.3 of RFC2251 asserts LDAP's relationship to X.500 and the
> requirement for LDAP servers to support the X.500 data and service
> models.
> 
> Based on these facts, think it is reasonable to specify caseExactMatch
> for directoryString attributes. Further, I think it is reasonable to
> expect that Directory implementations will support it.
> 
> Also see http://www.alvestrand.no/objectid/2.5.13.5.html
> 
> Note that the specification of caseExactMatch for directoryString
> attributes did not prevent RFCs 2713 and 2714 from obtaining.
> 
> --
> #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::|
> # Larry Bartz                           |                              |
> #  lbartz@parnelli.indy.cr.irs.gov      | Ooo, ooo,                    |
> #                                       | Ooo, ooo, oooooo!            |
> #                                       | I've got a gnu attitude!     |
> #  voice (317) 226-7060                 |                              |
> #  FAX   (317) 226-6378                 |                              |
> #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::|

-- 
*****************************************************************

David Chadwick, BSc PhD
Post: IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 161 745 8169
Mobile: +44 790 167 0359
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500:  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J

*****************************************************************
begin:vcard 
n:Chadwick;David
tel;fax:+44 1484 532930
tel;home:+44 790 167 0359
tel;work:+44 161 295 5351
x-mozilla-html:FALSE
adr:;;;;;;
version:2.1
email;internet:d.w.chadwick@salford.ac.uk
x-mozilla-cpt:;-16144
fn:David Chadwick
end:vcard