[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: DN matching rules

> >>>>> I see that openldap supports a number of matching rules for DNs,
> >>>>> e.g. dnOneLevelMatch, dnSubtreeMatch, dnSubordinateMatch and
> >>>>> dnSuperiorMatch.
> > I have not found documentation anywhere that describes how these matching rules work.
> >
> > I can try out examples and/or read the openldap source code to try and deduce their behaviour, but I'd
> > prefer to see documentation.
> This feature has been present in OpenLDAP since 2004.
> https://www.openldap.org/its/private.cgi/Archive.Software%20Enhancements?id=3112;selectid=3112;usearchives=1
That link needs a login.

> Nobody has asked for docs thus far, because everybody recognizes that
> subtree/onelevel/subordinate are the same as the corresponding LDAP search
> scopes, and their behavior is already specified.

Ok, but there's no superior scope. Also, while it's possible to try and deduce behaviour by similarity of names and by experiment, that's not a foolproof method, which is why I asked for a link to documentation. What little documentation I did find indicates that these matching rules are 'experimental' and shouldn't be used in released code (http://www.openldap.org/faq/data/cache/200.html) - is that still the case?