
OID syntax and NAMEs


I've declared an attribute type like this with LDAP syntax OID:

  NAME 'aeApplicableSOC'
  DESC 'AE-DIR: structural object classes for which policy is applicable'
  EQUALITY objectIdentifierMatch

Which is pretty similar to this:

  NAME 'objectClass'
  DESC 'RFC4512: object classes of the entity'
  EQUALITY objectIdentifierMatch

Now I wonder why I can't use the object class NAMEs instead of the OIDs as
attribute or assertion values, e.g. why I can't find the entries with filter

This reminds me a bit of the similar OID vs. NAME issue with 'pwdAttribute' in
'pwdPolicy' entries.

Eventually I'd like to have a constraint like this:

# check whether appropriate password policy is assigned
constraint_attribute structuralObjectClass,pwdPolicySubentry
  set "this/structuralObjectClass & this/pwdPolicySubentry/aeApplicableSOC"

Ciao, Michael.
