[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[ldapext] objectIdentifierMatch
- To: Ldapext <ldapext@ietf.org>
- Subject: [ldapext] objectIdentifierMatch
- From: Howard Chu <hyc@highlandsun.com>
- Date: Fri, 06 Oct 2006 11:39:25 -0700
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060911 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a
RFC4512 and RFC4517 allow OIDs to be either numeric or short-name
descriptors, but the objectIdentifierMatch and
objectIdentifierFirstComponentMatch matching rules have no way to
determine in what context a descriptor resides. That makes it pretty
much impossible to validate these descriptors in arbitrary attributes.
One possible solution would be to specify the namespace in a schema
extension:
attributetype ( 1.1.1.1.1.1.1.1.1
NAME 'myAttr'
DESC 'The attribute to use'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
SINGLE-VALUE
X-OID-NAME 'attribute' )
How are others handling this issue?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext