On Mon, 2007-03-12 at 13:36 -0700, Pete Rowley wrote: > Andrew Bartlett wrote: > > It seems to me that Fedora DS does not support Microsoft's extended > > match bitwise operations. > > > > I chatted with Pete about it on IRC, but thought to document it here for > > discussion. While it would be technically possible for me to filter > > these on the client side, it becomes silly fast. I need the LDAP > > backend side to handle these. > > > > This is the kind of search Fedora DS needs to accept, for Samba4 to use > > it as a backend: > > (|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10)) > > > > > Basic question: why are you storing bit fields in the first place? Why > not store the information in a more readily accessible fashion, both to > your code, and the administrator of the system? As you noted, the > bitwise extensible matches are Microsoft extensions and they have not > been specified in any RFC or IETF draft document AFAIK. Consequently > you should not expect the functionality to be generally available in > LDAP directory servers. Looking over this, it seems possible to write this as a slapi plugin, which I can then host (no doubt with other random hacks/patches/etc to make this thing happen) in Samba's lorikeet repository. I've looked around, and I can't find a free skeleton slapi module to work/hack from, aside from this one: http://docs.sun.com/source/817-7617/matching.html (which I won't use, because the copyright status is unclear to me). Is there an example matching rule plugin (that I can use in Fedora DS) out there? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
Attachment:
signature.asc
Description: This is a digitally signed message part
-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
