[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] True filter vs. (objectClass=*)
Disregard my last post. I hadn't had my morning coffee yet.
I was reading this with respect to the wrong I-D (ldapbis-protocol, not
draft-zeilenga-ldap-t-f). And the DEFAULT of "and : {}" is the LDAP (&).
John McMeeking
John
McMeeking/Rocheste To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
r/IBM@IBMUS cc: ldapext@ietf.org
Sent by: Subject: Re: [ldapext] True filter vs. (objectClass=*)
ldapext-admin@ietf
.org
01/02/2004 07:02
AM
I do not believe (&) or (|) are valid filters, though the ASN.1 does seem
to imply they are valid.
RFC 2251 and [protocol], para 4.5.1:
The 'and', 'or' and 'not' choices can be used to form combinations of
filters. At least one filter element MUST be present in an 'and' or
'or' choice.
I interpret that as meaning you can do (&(...)) or (|(...)), where (...) is
some filter element, but not (&) or (|).
I don't know how to interpret the "and : {} " in X.511:
SearchArgument ::= OPTIONALLY-PROTECTED {
SET {
[intervening components deleted]
filter [2] Filter DEFAULT and : { },
John McMeeking
Hallvard B
Furuseth To: ldapext@ietf.org
<h.b.furuseth@usi cc:
t.uio.no> Subject: [ldapext] True
filter vs. (objectClass=*)
Sent by:
ldapext-admin@iet
f.org
01/01/2004 08:13
AM
I suggest to add this statement to draft-zeilenga-ldap-t-f:
Whenever the "(objectClass=*)" filter will succeed (including
reading the Root DSE), the "(&)" filter will also succeed.
rfc2251 section 3.4 explicitly says the (objectClass=*) filter
should be used to read the root DSE. It does _not_ say 'any filter
which matches the root DSE', so as currently defined the TRUE filter
might not work here. (OTOH, there is one filter which properly may
succeed when TRUE fails: (objectClass=subschema) to read schema.)
--
Hallvard
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext