[Date Prev][Date Next] [Chronological] [Thread] [Top]

[ldapext] objectIdentifierMatch

To: Ldapext <ldapext@ietf.org>
Subject: [ldapext] objectIdentifierMatch
From: Howard Chu <hyc@highlandsun.com>
Date: Fri, 06 Oct 2006 11:39:25 -0700
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060911 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a

RFC4512 and RFC4517 allow OIDs to be either numeric or short-name descriptors, but the objectIdentifierMatch and objectIdentifierFirstComponentMatch matching rules have no way to determine in what context a descriptor resides. That makes it pretty much impossible to validate these descriptors in arbitrary attributes.

One possible solution would be to specify the namespace in a schema extension:

attributetype ( 1.1.1.1.1.1.1.1.1 NAME 'myAttr' DESC 'The attribute to use' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE X-OID-NAME 'attribute' )

How are others handling this issue?

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/


_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

Follow-Ups:
- Re: [ldapext] objectIdentifierMatch
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: [ldapext] objectIdentifierMatch
  - From: Steven Legg <steven.legg@eb2bcom.com>

Next by Date: Re: [ldapext] objectIdentifierMatch
Index(es):
- Chronological
- Thread