[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to best handle DN+String and DN+Binary in OL?

Andrew Bartlett wrote:
I'm back on my occasional task of trying to get the OpenLDAP backend to
Samba4 going again, and was hoping to simply test out the fine work done
on the vernum module.  (which I should have tested at the time it was

Anyway, Samba has moved on, and things have broken.  Part of the changes
relate to these additional DN types (found in AD), of:

#define DSDB_SYNTAX_BINARY_DN   "1.2.840.113556.1.4.903"

#define DSDB_SYNTAX_STRING_DN   "1.2.840.113556.1.4.904"

#define DSDB_SYNTAX_OR_NAME     "1.2.840.113556.1.4.1221"

These are quite odd in their behaivour, but in short they are both a
string or binary blob and a DN, all in one.  Only the DN portion is
relevant for attribute matching rules.

Currently, I map these to strings, but they are not strings - and need
proper DN match rules, as I need to be able to use the 'deref' module on
them (and to correctly handle the case sensitive/insensitive nature of

What is the best way to get OpenLDAP to understand it needs to match on
and follow references to the DN part of these values?

Good question. So far the only way to get DN semantics is by using distinguishedName syntax. In a few places we've also special-cased recognition of NameAndOptionalUID syntax, but that's not universal. I suppose, if you can shoehorn your extra blobs into the UID portion, you can use that syntax and we can figure out where else it needs to be accepted.

(Additionally, even when just use deref with normal DNs, I'm not getting
a the control response, but I need to get more info before I can pin the
details down)


Andrew Bartlett

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/