[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Case (in)sensitivity in 'by set' ACL?


I appreciate your taking the time to answer this.

I was careful in my original mail not to be complaining that the behavior had changed. I was just asking for the clarification of what behavior I should expect now and in future, wrt the case I ran into. You've provided that, at least in part.

I'd guess that in response to your other points, enhancement suggestions such as syntax for defining matching rules seem like just that (enhancement suggestions), but documentation of what sets do _now_ would still be welcome. I'd rewrite your statement to say, users of sets should be prepared to understand and accept the behavior of the implementation as it is--but this discussion on normalization etc might be something for faq-o-matic?



Pierangelo Masarati wrote:
Sets are weakly typed (actually, they're untyped) because they are
intended to mix up stuff in string form, much like regular expressions
(which are case insensitive by default).  Since there is no formal
specification of sets, their implementation uses the normalized value when
expanding stuff, while it uses case-sensitive comparison (actually,
octetStringMatch).  As a consequence, literals should be provided in
normalized form, whatever it is.  Simple case-insensitive comparison would
not suffice, as the normalized form of many matching rules implies much
more than case insensitivity (think of telephoneNumberMatch, for example).

There has been discussion, in the past, about the opportunity to have a
more formal specification of sets, and to extend their syntax to allow to
specify what matching rules should be used to compare values (much like in
extensible match filters).  Feel free to suggest improvements; however, I
believe that sets are so "specialized" that they require some deep
knowledge of the internals of slapd (consider that they're essentially
undocumented); this knowledge should imply the capability to provide
normalized strings as literals.


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office: +39.02.23998309 Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it


Matt Benjamin

The Linux Box
206 South Fifth Ave. Suite 150
Ann Arbor, MI  48104


tel. 734-761-4689
fax. 734-769-8938
cel. 734-216-530