[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[ldapext] objectIdentifierMatch
- To: Ldapext <ldapext@ietf.org>
- Subject: [ldapext] objectIdentifierMatch
- From: Howard Chu <hyc@highlandsun.com>
- Date: Wed, 15 Feb 2006 03:23:07 -0800
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060209 SeaMonkey/1.5a Mnenhy/0.7.3.0
It seems this matching rule is rather difficult to use in practice,
given that it's supposed to accept textual descriptors in addition to
numeric OIDs, but there's no way for apps to know in what context the
valid descriptors reside. (See
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4025 for an
example of how this affected our password policy implementation,
ITS#4402 for another user tripping over it in an arbitrary schema.)
I was thinking that using a new extension like e.g. X-NAMESPACE 'attr'
to attribute definitions with this matching rule might help make things
less ambiguous. Suggestions?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext