may need optimization;
uncomment #define USE_LDAP_DN_PARSING in libraries/libldap/getdn.c
to enable its use.
The ava/rdn/dn handling routines (append, insert, free and so) must
be made available thru declaration in some header.
Includes rewriting of URLs where the DN of the referral object
and the DN of the ref attribute attribute are not the same.
Also, always returns explicit DN and scope.
Currently, back-ldbm only. Needs to be ported to back-bdb.
Developed by Steve Omrani/IBM
Copyright IBM Corp. 2001
Use of this source code is subject to the terms of The OpenLDAP
Public License Version 2.7, 7 September 2001. No trademarks of the
IBM Corporation are to be used to identify, endorse or promote any
products derived from this code without the prior written consent
of IBM.
Use presence indices in support of >= and <=.
(Note presence indices could be used to support = and substr in
like fashion where eq and substr indices are not maintained, but
I'll save that for another day.)
Developed by Julius Enarusai/IBM
Copyright IBM Corp. 2001
Use of this source code is subject to the terms of The OpenLDAP
Public License Version 2.7, 7 September 2001. No trademarks of the
IBM Corporation are to be used to identify, endorse or promote any
products derived from this code without the prior written consent
of IBM.
in a check. This way you have to say:
index userCertificate eq
If we remove it, we could say:
index userCertificate;binary eq
I have not tried the latter.
you can search efficiently the directory for a certificate.
Notice that we index certificates just as serial integers. A full
index should combine the issuer DN too, but I think in most scenarios
that would be extremely redundant and of little benefit. We can add
an option later to do full indexing.
Apparently, we refuse to index ;binary attributes. That is mostly
bogus. Whether it is indexable or not depends on whether we know how
to or not, nothing more. I.e., the existance of indexer and filter
functions for the matching rules that are relevant to the attribute
type.
values as stored in the entry on the one hand and an assertion value
that is not necessarily of the same syntax. So tell value_match this
is the case by setting SLAP_MR_VALUE_IS_IN_MR_SYNTAX in flags.
if needed. This is controlled by SLAP_MR_VALUE_IS_IN_MR_SYNTAX,
a new flag that should be set when evaluating filters such as in
searches and compares and unset otherwise (such as in modify).
Now, some callers of value_match, notably value_find, don't know
whether to set it or not. We'll see to that.
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
Deleted ad_free() everywhere
Added ad_mutex to init.c
The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
error reporting to client and syslog. And indexing, of course.
Now, the problem is that matching rules get called from different
places that are inconsistent in what an assertedValue is. When doing
a modify, a full certificate value is passed (to verify it isn't
already there). When doing a search or compare, the passed value is
in the syntax of the matching rule.
Consistency would require that the caller extracts an asserted value
from the full value before calling smr_match. It can do this by
calling smr_convert (it was unused, was it meant to be used for
this?).
Unfortunately, the caller is typically value_find, value_match, etc.
that have themselves little knowledge of what they are dealing with,
so their interface needs to be extended, new flag values or new
arguments, so that they know if they have a value in attribute type
syntax or in matching rule syntax.
