[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3623) hexadecimal representation of attribute value in DN

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3623) hexadecimal representation of attribute value in DN
From: Kurt@OpenLDAP.org
Date: Fri, 1 Apr 2005 15:21:25 GMT

Don't expect implementations (clients or servers) to support
this encoding option for arbitrary attribute types ever.  It
was intended to be used for attribute types, such as
userCertificate, which do not have an LDAP string encoding,
or attributes where all implementations are required to
recognize values in either LDAP-string or BER forms.  Like
type;binary, type=# should go the way of the dodo, as
encoding options cause nothing but interoperability problems.

Kurt

At 02:28 AM 4/1/2005, jgra@vp.pl wrote:
>Full_Name: Janusz Grabowski
>Version: 2.2.24
>OS: Debian Linux
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (193.110.121.9)
>
>
>Hi
>
>I have problems with using hexadecimal representation of attribute value in DN.
>According to RFC 2253 attribute value should be represented as '#' character
>followed by hexadecimal representation of each of the bytes of the BER encoding
>of the X.500  AttributeValue. 
>
>But it seams that the server doesn't decode attributevalue.
>Following is a snip from slapd output in debug mode.
>(This is search with base set to 2.5.4.5=#13057465737431,o=test - alternate
>representation of serialNumber=test1,o=test)
>
>ber_scanf fmt ({miiiib) ber:
>>>> dnPrettyNormal: <2.5.4.5=#13057465737431,o=test>
>=> ldap_bv2dn(2.5.4.5=#13057465737431,o=test,0)
>ldap_err2string
><= ldap_bv2dn(2.5.4.5=#13057465737431,o=test)=0 Success
>=> ldap_dn2bv(272)
>ldap_err2string
><= ldap_dn2bv(serialNumber=#13057465737431,o=test)=0 Success
>=> ldap_dn2bv(272)
>ldap_err2string
><= ldap_dn2bv(serialNumber=#13057465737431,o=test)=0 Success
><<< dnPrettyNormal: <serialNumber=#13057465737431,o=test>,
><serialNumber=#13057465737431,o=test>
>ber_scanf fmt (m) ber:
>ber_scanf fmt ({M}}) ber:
>=> bdb_search
>bdb_dn2entry("serialNumber=#13057465737431,o=test")
>=> bdb_dn2id( "serialNumber=#13057465737431,o=test" )
><= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
>send_ldap_result: conn=6 op=1 p=3
>send_ldap_response: msgid=2 tag=101 err=32
>ber_get_next
>
>
>How to reproduce a problem:
>1. Import following ldif
>---
>dn: serialnumber=test1, o=test
>objectClass: top
>objectClass: device
>cn: test
>serialNumber: test1
>---
>2. do following searches:
>ldapsearch -x -D "cn=manager,o=test" -w secret -b "serialNumber=test1,o=test"
>"objectclass=*"
>this search is good and server returns the entry
>
>ldapsearch -x -D "cn=manager,o=test" -w secret -b
>"2.5.4.5=#13057465737431,o=test" "objectclass=*"
>this search result in error: No such object
>
>Regards 
>Janusz Grabowski

Prev by Date: Re: (ITS#3267) more modrdn problems
Next by Date: (ITS#3624) [enhancement] slapacl may easily test access to a whole object
Index(es):
- Chronological
- Thread