Mike C wrote:
>
> Object o = ctx.lookup("memberUid=steves,ou=People");

Attribute 'memberUid' was never meant to be used within a user entry. So
general advice is to define a better schema and sanitize your data. You
probably already know that. ;-)

> I've even tried changing the
> definition of memberUid in config/schema/10rfc2307.ldif to use
>
> attributeTypes: (
>   1.3.6.1.1.1.1.12
>   NAME 'memberUid'
>   DESC 'Standard LDAP attribute type'
>   EQUALITY caseExactIA5Match
>   SUBSTRINGS caseExactIA5SubstringsMatch
>   SYNTAX 'IA5String'
> )
>
> Ideas?

Well, looking at the schema in FDS there's no such matching rule named
'caseExactIA5Match' (IMO the server shouldn't even start with such a
mis-defined schema element declaration). The only caseExact* matching
rules listed in the subschema are 'caseExactOrderingMatch-en' and
'caseExactSubstringMatch-en', which both do not look suitable to me.

Strangely enough, there's not even an EQUALITY matching rule defined for
attribute type 'memberUid' at all... I really wonder whether default
matching rules are applied for certain LDAP syntaxes and how to find out
which these are.

Ciao, Michael.
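
The comparison made by hand in the reply above (matching rules a definition references versus those the subschema lists), as an added Python example that is not part of the original mail. The subschema values are constructed with placeholder OIDs, and the function names are hypothetical.

```python
import re

# Keywords that reference a matching rule. RFC 4512 spells the substring
# keyword SUBSTR; the quoted definition uses SUBSTRINGS, so accept both.
RULE_KEYWORDS = ("EQUALITY", "ORDERING", "SUBSTR", "SUBSTRINGS")

def rule_ids(matching_rules):
    """Collect OIDs and lower-cased NAMEs from subschema matchingRules values."""
    ids = set()
    for value in matching_rules:
        oid = re.match(r"\s*\(\s*([\d.]+)", value)
        if oid:
            ids.add(oid.group(1))
        name = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", value)
        if name:
            ids.update(n.lower() for n in re.findall(r"'([^']*)'", name.group(1)))
    return ids

def referenced_rules(attr_type):
    """Map keyword -> matching rule referenced by one attributeTypes value."""
    body = re.sub(r"\bDESC\s+'[^']*'", "", attr_type)  # DESC is free text
    refs = {}
    for kw in RULE_KEYWORDS:
        m = re.search(r"\b%s\s+'?([\w.;-]+)'?" % kw, body)
        if m:
            refs[kw] = m.group(1)
    return refs

def check(attr_type, matching_rules):
    """Return (equality_missing, {keyword: rule not in the subschema})."""
    known = rule_ids(matching_rules)
    refs = referenced_rules(attr_type)
    undefined = {kw: r for kw, r in refs.items() if r.lower() not in known}
    return "EQUALITY" not in refs, undefined

# Constructed subschema: the two rule names are the ones the mail mentions,
# the OIDs are placeholders.
SUBSCHEMA_RULES = [
    "( 1.1.1 NAME 'caseExactOrderingMatch-en' SYNTAX 1.1.9 )",
    "( 1.1.2 NAME 'caseExactSubstringMatch-en' SYNTAX 1.1.9 )",
]
# The definition quoted in the mail, joined onto one line.
QUOTED = ("( 1.3.6.1.1.1.1.12 NAME 'memberUid' DESC 'Standard LDAP attribute type' "
          "EQUALITY caseExactIA5Match SUBSTRINGS caseExactIA5SubstringsMatch "
          "SYNTAX 'IA5String' )")
# Constructed: the same attribute type with no matching rules at all.
NO_RULES = "( 1.3.6.1.1.1.1.12 NAME 'memberUid' SYNTAX 'IA5String' )"

if __name__ == "__main__":
    print(check(QUOTED, SUBSCHEMA_RULES), check(NO_RULES, SUBSCHEMA_RULES))
```

Against a live server, the `matchingRules` and `attributeTypes` values would come from reading the subschema subentry instead of the constructed lists.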