[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Matching Rule for Binary?

At 02:28 AM 2/3/2004, Suma Shivaprasad wrote:
>Is there any matching rule for attributes with syntax
>"binary"( in openldap so that one could specify
>the un-encoded value as the ldap search filter and the openldap server could
>then binary encode it before comparision with the actual binary value in the

The Binary syntax is not what you think it is.  The Binary
syntax is for holding BER-encoded data of any ASN.1 data
type.  If you want to store arbitrary octet strings, use
OCTET STRING syntax instead (and the octetStringMatch matching

>for eg : if "abc" is encoded in binary as "YWJjIA==",

Actually, "YWJjIA==" is the base64 encoding of the ASCII
string "abc".  Whether or not the computer uses binary memory
to hold these encodings, well, depends on the computer.  (It's
been a long time since I've toy'ed with non-binary computers.)

Note that LDIF supports base64 encodings of LDAP values.  But,
in the protocol, values are sent in their LDAP string encodings
(which for OCTET STRING, is simply the octet string).  It is
the client, not the server, which converts LDIF (and string
representations of filters) to the proper LDAP (wire) encoding.

I note that this subject is not specific to OpenLDAP Software.
Please use the ldap@umich.edu mailing list for future general
LDAP questions.

To make my answer at least somewhat OpenLDAP-specific, I will
say that OpenLDAP does support the OCTET STRING syntax and
octetStringMatch rule (as well as LDIF and filter strings).