[Fedora-directory-devel] Support for bitwise operations?

Andrew Bartlett abartlet at samba.org
Tue Mar 13 01:24:57 UTC 2007 

On Mon, 2007-03-12 at 13:36 -0700, Pete Rowley wrote:
> Andrew Bartlett wrote:
> > It seems to me that Fedora DS does not support Microsoft's extended
> > match bitwise operations. 
> >
> > I chatted with Pete about it on IRC, but thought to document it here for
> > discussion.  While it would be technically possible for me to filter
> > these on the client side, it becomes silly fast.  I need the LDAP
> > backend side to handle these.
> >
> > This is the kind of search Fedora DS needs to accept, for Samba4 to use
> > it as a backend:
> > (|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))
> >
> >   
> Basic question: why are you storing bit fields in the first place? Why 
> not store the information in a more readily accessible fashion, both to 
> your code, and the administrator of the system? As you noted, the 
> bitwise extensible matches are Microsoft extensions and they have not 
> been specified in any RFC or IETF draft document AFAIK.  Consequently 
> you should not expect the functionality to be generally available in 
> LDAP directory servers.

As we discussed on the phone, I wasn't aware this was a particularly
difficult extension to implement, and was hoping I could rely on this
functionality here.  Having this search operator available in the server
would be very useful, as it would allow these searches to proceed to the
server relatively unmolested by our mapping layer.

These queries come from our clients (such as Windows, expecting to talk
to AD), over LDAP, as well as potentially internally to Samba4. 

I am concerned that filtering these values on the client side, while
possible, would produce excessive network traffic.

I'll be working over the next couple of days on a list of the
requirements that I know Samba4 will have for it's backend server, and
some speculation for areas we may encounter in future. 

It should appear at http://wiki.samba.org/index.php/Samba4/LDAP_Backend

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20070313/075bf8e5/attachment.sig>

More information about the Fedora-directory-devel mailing list