[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OID syntax and NAMEs

To: Michael Ströder <michael@stroeder.com>, openldap-technical@openldap.org
Subject: Re: OID syntax and NAMEs
From: Howard Chu <hyc@symas.com>
Date: Mon, 28 Nov 2016 21:39:28 +0000
In-reply-to: <WM!2625fbe8add86c3eea0475b96a1ba4d21fb385ae7e087bac33e64ed86834a2b24b114185321d294eaca5b389706291ff!@mailstronghold-2.zmailcloud.com>
References: <1cb3d7ca-4353-82ed-cdb9-aa8b9f925311@stroeder.com> <WM!a14f00b92e4d4627b12052c977e72c1b5c5b863c0aa6d2823a3547eb230a749a0257c1304fe6a9779359beed766606f0!@mailstronghold-1.zmailcloud.com> <09316149-d527-3c4b-9c7b-bd753fd29a5c@symas.com> <6c4782b4-fd24-9633-3ed9-5661bc92dec5@stroeder.com> <WM!2625fbe8add86c3eea0475b96a1ba4d21fb385ae7e087bac33e64ed86834a2b24b114185321d294eaca5b389706291ff!@mailstronghold-2.zmailcloud.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46a2

Michael Ströder wrote:

Howard Chu wrote:

Michael Ströder wrote:

Eventual I'd like to have a constraint like this:

# check whether appropriate password policy is assigned
constraint_attribute structuralObjectClass,pwdPolicySubentry
  set "this/structuralObjectClass & this/pwdPolicySubentry/aeApplicableSOC"


Not possible without custom code.


Hmm, are this/structuralObjectClass and this/pwdPolicySubentry generally
unusable in set-constraints?

Or does it not work because of the different matching rules?


Yes, because of the matching rule issue.

This seems to be a deficiency in either ASN.1 or the LDAP spec, I'm not surewhich. The problem is that numeric OIDs are obviously unique, but there's noguarantee that string names are. Moreover, the same name might apply to theOID of an attribute, or an objectclass, or a syntax, or some other entity, andthere's no way to tell the objectIdentifierMatch rule which context isrelevant. So, we can only match on numeric OIDs.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: OID syntax and NAMEs
  - From: Michael Ströder <michael@stroeder.com>

References:
- OID syntax and NAMEs
  - From: Michael Ströder <michael@stroeder.com>
- Re: OID syntax and NAMEs
  - From: Howard Chu <hyc@symas.com>
- Re: OID syntax and NAMEs
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: OID syntax and NAMEs
Next by Date: Re: OID syntax and NAMEs
Index(es):
- Chronological
- Thread