> Howard Chu wrote: >> Andrew Bartlett wrote: >>> On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote: >>>> Andrew Bartlett wrote: >>>>> What is the best way to get OpenLDAP to understand it needs to match >>>>> on >>>>> and follow references to the DN part of these values? >>>> >>>> Good question. So far the only way to get DN semantics is by using >>>> distinguishedName syntax. In a few places we've also special-cased >>>> recognition >>>> of NameAndOptionalUID syntax, but that's not universal. I suppose, if >>>> you can >>>> shoehorn your extra blobs into the UID portion, you can use that >>>> syntax and we >>>> can figure out where else it needs to be accepted. >>> >>> Looking over the definition of NameAndOptionalUID, shoehorn would >>> certainly be the correct expression... But yes, it looks to me like I >>> just need to convert every binary or string element into a bitstring of >>> it's bits. >> >> Yeah, bitstrings are a PITA. The better way might be to just define a >> new >> syntax and matching rules that stores exactly what you want. We can >> define a >> new syntax flag SLAP_SYNTAX_DN_LIKE or somesuch, and change all of those >> places that were hardcoded to look for DN syntax to use this flag >> instead. > > The other places that are interesting in this regard are in the ACL engine > and > anything that uses librewrite. Rewrites are trickier because the rewrite > code > needs to be able to isolate just the DN portion for rewriting, and > preserve > any other blob attached to an attribute.
This would probably be the caller's business; for example, slapo-rwm and back-meta where DN-valued (or SLAP_SYNTAX_DN_LIKE-valued) attributes are rewritten. Probably, each syntax normalizer's duty would be to isolate the DN portion and feed it to dnNormalize(). p. p.
