[Fedora-directory-devel] Support for bitwise operations?

Andrew Bartlett abartlet at samba.org
Tue Mar 13 10:47:12 UTC 2007 

On Mon, 2007-03-12 at 13:36 -0700, Pete Rowley wrote:
> Andrew Bartlett wrote:
> > It seems to me that Fedora DS does not support Microsoft's extended
> > match bitwise operations. 
> >
> > I chatted with Pete about it on IRC, but thought to document it here for
> > discussion.  While it would be technically possible for me to filter
> > these on the client side, it becomes silly fast.  I need the LDAP
> > backend side to handle these.
> >
> > This is the kind of search Fedora DS needs to accept, for Samba4 to use
> > it as a backend:
> > (|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))
> >
> >   
> Basic question: why are you storing bit fields in the first place? Why 
> not store the information in a more readily accessible fashion, both to 
> your code, and the administrator of the system? As you noted, the 
> bitwise extensible matches are Microsoft extensions and they have not 
> been specified in any RFC or IETF draft document AFAIK.  Consequently 
> you should not expect the functionality to be generally available in 
> LDAP directory servers.

Looking over this, it seems possible to write this as a slapi plugin,
which I can then host (no doubt with other random hacks/patches/etc to
make this thing happen) in Samba's lorikeet repository.  

I've looked around, and I can't find a free skeleton slapi module to
work/hack from, aside from this one:
http://docs.sun.com/source/817-7617/matching.html (which I won't use,
because the copyright status is unclear to me).

Is there an example matching rule plugin (that I can use in Fedora DS)
out there?  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20070313/5b6d67c7/attachment.sig>

More information about the Fedora-directory-devel mailing list