From: <ne...@na...> - 2001-02-12 16:15:28
Thanks Chris. I think that Mozilla::LDAP might have a canonicalization function that should work and be a little bit more complete than my hack :-P I haven't tried it yet so I may be wrong. I think your suggestion of a compare on the server is probably the correct way to do things to avoid all kinds of possible nastiness.

Cheers,
SteveN

Chris Ridd <chr...@me...>@lists.sourceforge.net on 02/12/2001 04:05:12 AM

From: Chris Ridd <chr...@me...>@lists.sourceforge.net on 02/12/2001 04:05 AM
Sent by: per...@li...
To: Steve Neruda <ne...@na...> per...@li...
cc:
Subject: Re: DN comparision not using compare function

Steve Neruda <ne...@na...> wrote:
> I have written a script that makes sure that the indexes on the slave
> servers are consistent with the master server. I am having problems
> finding a good way to compare DNs correctly. I do a search on each
> server to get all the indexes, then I need to compare the DN's to
> see if the indexes exist on all the servers.
>
> It appears that Net::LDAP does not normalize the DN before hashing it
> into a structure. Therefore if I do a comparison of the DN's and one
> happens to be capitalized (or spaced differently, or ??) then comparing
> DNs will fail.

That looks about right. Net::LDAP simply uses the bytes that were sent by the server as the DN without trying to interpret them too much. I'm not sure it is a Net::LDAP bug, rather just the "way it works".

> I want to do a single search on each server rather than do a ->compare
> on each attribute. Is there a better method for comparing DNs between
> two servers to find out if they match?

I can't think of one. Your canonicalization (lower-casing the entire DN) will of course not work for many cases, but I guess you're aware of that. It might be good enough to solve your immediate problem.

To be complete I think Unicode says that you should convert to upper-case, and you need to deal with the different ways to encode accented characters, the different ordering of multi-AVA RDNs (cn=Foo Bar+uid=baz,...), the different ways of encoding the attribute types and values, etc etc etc. Pretty hard to do it all correctly! And that's assuming you're using LDAPv3 to access the directory. For LDAPv2 there are more problems. :-)

How painful would it be to use compare operations against one of the servers? It strikes me that would be a *lot* easier, assuming the server did these things correctly.

Cheers,
Chris
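
The cases raised in this thread (case, spacing, accented-character encodings, multi-AVA RDN ordering, escaped separators) can be illustrated with a client-side comparison key. The sketch below is an added example, not code from Net::LDAP, Mozilla::LDAP or either poster; the function names and sample DNs are constructed, and it assumes every attribute value is matched case-insensitively, which only the server's schema can confirm.

```python
import re
import unicodedata

def _split(s, seps):
    """Split on unescaped separator characters, leaving escapes intact."""
    parts = [""]
    for tok in re.findall(r"\\.|.", s, re.S):
        if tok in seps:            # only a bare one-character token can match
            parts.append("")
        else:
            parts[-1] += tok
    return parts

def _unescape(v):
    """Decode \\XX hex pairs and \\<char> escapes into a Unicode string."""
    out = bytearray()
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|\\.|.", v, re.S):
        if len(tok) == 3:          # \XX carries one UTF-8 byte
            out.append(int(tok[1:], 16))
        else:                      # plain or backslash-escaped character
            out += tok[-1].encode("utf-8")
    return out.decode("utf-8")

def dn_key(dn):
    """Comparison key for an LDAPv3 string DN, or ValueError if malformed."""
    # Assumption: every value is matched case-insensitively; the real rule
    # comes from the server schema. Quoted and #hex values are not handled.
    rdns = []
    for rdn in (_split(dn, ",;") if dn.strip() else []):
        avas = []
        for ava in _split(rdn, "+"):
            atype, sep, value = ava.partition("=")
            if not sep or not atype.strip():
                raise ValueError("malformed AVA: %r" % ava)
            text = unicodedata.normalize("NFKC", _unescape(value)).casefold()
            avas.append((atype.strip().lower(), " ".join(text.split())))
        rdns.append(tuple(sorted(avas)))   # multi-AVA order is not significant
    return tuple(rdns)

def missing_on_replica(master_dns, replica_dns):
    """DNs present on the master with no equivalent DN on the replica."""
    have = {dn_key(d) for d in replica_dns}
    return [d for d in master_dns if dn_key(d) not in have]

# Constructed sample data: the same two entries spelled differently per server.
MASTER = ["cn=Foo Bar+uid=baz,ou=People,dc=example,dc=com",
          "cn=Andr\\C3\\A9,ou=People,dc=example,dc=com",
          "cn=index1,cn=config"]
REPLICA = ["UID=baz + CN=foo  bar, OU=people, DC=Example, DC=COM",
           "cn=Andre\u0301,ou=people,dc=example,dc=com"]
```

A key like this cannot know the matching rule of each attribute or map OIDs to attribute names, which is why a server-side compare remains the authoritative check.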