[Date Prev][Date Next]
Re: How to best handle DN+String and DN+Binary in OL?
Andrew Bartlett wrote:
I'm back on my occasional task of trying to get the OpenLDAP backend to
Samba4 going again, and was hoping to simply test out the fine work done
on the vernum module. (which I should have tested at the time it was
Anyway, Samba has moved on, and things have broken. Part of the changes
relate to these additional DN types (found in AD), of:
#define DSDB_SYNTAX_BINARY_DN "1.2.840.1135184.108.40.2063"
#define DSDB_SYNTAX_STRING_DN "1.2.840.1135220.127.116.114"
#define DSDB_SYNTAX_OR_NAME "1.2.840.113518.104.22.1681"
These are quite odd in their behaivour, but in short they are both a
string or binary blob and a DN, all in one. Only the DN portion is
relevant for attribute matching rules.
Currently, I map these to strings, but they are not strings - and need
proper DN match rules, as I need to be able to use the 'deref' module on
them (and to correctly handle the case sensitive/insensitive nature of
What is the best way to get OpenLDAP to understand it needs to match on
and follow references to the DN part of these values?
Good question. So far the only way to get DN semantics is by using
distinguishedName syntax. In a few places we've also special-cased recognition
of NameAndOptionalUID syntax, but that's not universal. I suppose, if you can
shoehorn your extra blobs into the UID portion, you can use that syntax and we
can figure out where else it needs to be accepted.
(Additionally, even when just use deref with normal DNs, I'm not getting
a the control response, but I need to get more info before I can pin the
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/