[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Selecting matching rule for compare operation?

Pierangelo Masarati wrote:

Pierangelo Masarati wrote:

Maybe I'm missing something, but (unless the compare operation is to be considered obsolete) there's a need for flexibility in performing comparisons, e.g. a mech to select appropriate matching rules when asserting values.

Scenario: want to know if a server supports a certain control; supportedControl doesn't define an EQUALITY rule; however, it's syntax is OID.

Quick'n'(not so)dirty: ldapsearch -b "" -s base "(supportedControl:objectIdentifierMatch:=<OID>)" # if exactly one entry is returned, the DSA supports the control

Clean (would be) solution: ldapcompare "" "supportedControl/objectIdentifierMatch:<OID>" # compareTrue if value exists according to specified matchingRule

Is there a better/more rfc-compliant way (other than defining an EQUALITY rule for that attribute)?

After a bit more reading I found the "assert" control, so that: ldapcompare -e\!"assert=(supportedControl:objectIdentifierMatch:=1.2.840.113556.1.4.1413)" "" "objectClass:top" yields the expected result. However, at this point I don't much see the difference between this and the first solution listed above. In some sense, this tells me that the "compare" operation is dying...

...moreover, this would set a chicken'n'egg problem when trying to assess whether the "assert" control is supported or not by the DSA ;)


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497