- only for equality matching
- only components of ASN.1 types used in an X.509 certificate can be indexed
(composite types except for RDN and DN are not supported yet)
- how to use
index [attribute name].[component reference] eq
Ex)
index userCertificate eq
index userCertificate.toBeSigned.issuer.rdnSequence eq
index userCertificate.toBeSigned.serialNumber eq
index userCertificate.toBeSigned.version eq
2) attribute aliasing support
- x509CertificateIssuer
- x509CertificateSerial
- x509CertificateIssuerAndIssuer
3) AuthorityKeyIdentifier support(one of certificate extension)
4) Misc. improvement
- integrate OID and its decoder mapping table
- normalize and validate the values of both component asserions and
extracted components
5) Misc. bug fix
2) nibble type memory support when decoding
3) description type object identifier support
4) OPTIONAL, DEFAULT support in certificate decoder/extractor/matching
5) Misc bug fix
Should reuse other DN routines.
Need to add various other DN matching rule functions.
This commit, combined with entryDN and slapcat -a, should
fully address ITS#3112.
and "implementing GSER and Component Matching" in ODD 2004.
All codes are #ifdef'd with LDAP_COMP_MATCH.
test031-component-filter works correctly only when the LDAP_COMP_MATCH macro is set.
To disable it, set AC_WITH_COMP_MATCH "no" in "openldap_src/tests/run.in".
SLAPI always assigning connection and operation IDs of zero for internal
operations, such operations would cause a stale contextCSN to be returned from
slap_get_commit_csn(). As a result, SLAPI internal updates would be invisible
to replicas until an external update was made. Also, SLAPI internal operations
never called slap_graduate_commit_csn() which leaked pending CSNs.
Also included in this patch is a general cleanup of some of the SLAPI code.
Note that we need to use a separate mutex on conn_nextid to avoid a deadlock
where a post-operation plugin tries to acquire connections_mutex, having locked
the per-connection mutex, while the listener thread tries to acquire the
per-connection mutex (having locked connections_mutex). connection.c needs to
be fixed to acquire mutexes in the same order.
