Re: OID syntax and NAMEs

Michael Ströder wrote:

I've declared an attribute type like this with LDAP syntax OID:

  NAME 'aeApplicableSOC'
  DESC 'AE-DIR: structural object classes for which policy is applicable'
  EQUALITY objectIdentifierMatch

Which is pretty similar to this:

  NAME 'objectClass'
  DESC 'RFC4512: object classes of the entity'
  EQUALITY objectIdentifierMatch

Now I wonder why I can't use the object class NAMEs instead of the OIDs as
attribute or assertion values, e.g. why I can't find the entries with filter

This reminds me a bit of the similar OID vs. NAME issue with 'pwdAttribute' in
'pwdPolicy' entries.

It's the exact same issue. The objectIdentifierMatch function only works with numeric OIDs. The ppolicy overlay inserts its own matching function to make the name work.

Eventually I'd like to have a constraint like this:

# check whether appropriate password policy is assigned
constraint_attribute structuralObjectClass,pwdPolicySubentry
  set "this/structuralObjectClass & this/pwdPolicySubentry/aeApplicableSOC"

Not possible without custom code.

Ciao, Michael.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
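
Added example (not part of the original message and not OpenLDAP code): since objectIdentifierMatch, as stated above, only works with numeric OIDs, a client can resolve object class NAMEs to numeric OIDs from the server's objectClasses schema values before it writes aeApplicableSOC values or builds a search filter. The schema strings are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample of objectClasses values in RFC 4512
# ObjectClassDescription syntax, as read from a subschema entry.
# 2.999 is the OID arc reserved for examples; that class is made up.
SAMPLE_OBJECT_CLASSES = [
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' "
    "SUP organizationalPerson STRUCTURAL )",
    "( 2.999.1.1 NAME ( 'exampleService' 'exampleSvc' ) SUP top STRUCTURAL )",
]

# numericoid per RFC 4512: dot-separated numbers without leading zeros
NUMERIC_OID = re.compile(r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))+")
# Leading OID plus NAME, given as one qdescr or a parenthesised list
DESCRIPTION = re.compile(
    r"\(\s*([0-9.]+)\s+NAME\s+(?:('[^']+')|\(\s*((?:'[^']+'\s*)+)\))"
)

def build_name_map(descriptions):
    """Map every lower-cased NAME to its numeric OID."""
    name_map = {}
    for desc in descriptions:
        m = DESCRIPTION.match(desc.strip())
        if not m or not NUMERIC_OID.fullmatch(m.group(1)):
            continue  # no NAME or malformed OID: nothing to resolve
        for name in re.findall(r"'([^']+)'", m.group(2) or m.group(3)):
            name_map[name.lower()] = m.group(1)
    return name_map

def to_numeric_oid(value, name_map):
    """Return value unchanged if numeric, else resolve it as a NAME."""
    if NUMERIC_OID.fullmatch(value):
        return value
    try:
        return name_map[value.lower()]
    except KeyError:
        raise ValueError(f"not a numeric OID or known NAME: {value!r}") from None

def oid_filter(attr, value, name_map):
    """Build an equality filter whose assertion value is a numeric OID.

    The value is digits and dots only after resolution, so it needs no
    RFC 4515 escaping; attr is assumed to be a trusted constant.
    """
    return f"({attr}={to_numeric_oid(value, name_map)})"

if __name__ == "__main__":
    names = build_name_map(SAMPLE_OBJECT_CLASSES)
    print(oid_filter("aeApplicableSOC", "inetOrgPerson", names))
```

Anything that is neither a numeric OID nor a NAME known to the schema is rejected with ValueError instead of being placed in the filter.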