Re: [Fedora-directory-devel] Support for bitwise operations?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 2007-03-12 at 13:36 -0700, Pete Rowley wrote:
> Andrew Bartlett wrote:
> > It seems to me that Fedora DS does not support Microsoft's extended
> > match bitwise operations. 
> >
> > I chatted with Pete about it on IRC, but thought to document it here for
> > discussion.  While it would be technically possible for me to filter
> > these on the client side, it becomes silly fast.  I need the LDAP
> > backend side to handle these.
> >
> > This is the kind of search Fedora DS needs to accept, for Samba4 to use
> > it as a backend:
> > (|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))
> >
> >   
> Basic question: why are you storing bit fields in the first place? Why 
> not store the information in a more readily accessible fashion, both to 
> your code, and the administrator of the system? As you noted, the 
> bitwise extensible matches are Microsoft extensions and they have not 
> been specified in any RFC or IETF draft document AFAIK.  Consequently 
> you should not expect the functionality to be generally available in 
> LDAP directory servers.

As we discussed on the phone, I wasn't aware this was a particularly
difficult extension to implement, and was hoping I could rely on this
functionality here.  Having this search operator available in the server
would be very useful, as it would allow these searches to proceed to the
server relatively unmolested by our mapping layer.

These queries come from our clients (such as Windows, expecting to talk
to AD), over LDAP, as well as potentially internally to Samba4. 

I am concerned that filtering these values on the client side, while
possible, would produce excessive network traffic.

I'll be working over the next couple of days on a list of the
requirements that I know Samba4 will have for it's backend server, and
some speculation for areas we may encounter in future. 

It should appear at http://wiki.samba.org/index.php/Samba4/LDAP_Backend

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

Attachment: signature.asc
Description: This is a digitally signed message part

--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux