Re: utility functions for handling Distinguished Names

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

--On Dienstag, 23. April 2002 14:04 -0700 "Kurt D. Zeilenga"=20
<Ku...@Op...> wrote:
> At 01:07 PM 2002-04-23, Norbert Klasen wrote:
>> --On Dienstag, 23. April 2002 15:59 +0100 Graham Barr <gb...@po...>

># was specifically designed for CN (and other attributes of
> directoryString syntax).  See section 7.2 of RFC 2253.  The
> IETF LDAPbis WG is working on clarifying this.

> In our C API, we provide functions which do schema neutral
> normalizations.  We don't convert between native string and
> BER value forms as that requires knowledge of schema.  Instead,
> we just indicate whether the value is in native form or
> in BER form.  We do convert the hex to an octet string containing
> the BER suitable for (BER) decoding.

After rerereading RFC2253 (this time including section 7.2 :-) I concur=20
with you. An indication that a value is in BER is required and Graham's=20
approach of making such values a reference seems to be a good way to do it.

How about this addition to the POD for ldap_explode_dn?

@@ -378,6 +365,43 @@
 Explodes the given B<DN> into an array of hashes.
 Returns undef if B<DN> is not a valid Distinguished Name.

+A Distinguished Name is a sequence of Relative Distingushed Names (RDNs),=20
which
+themselves are sets of Attributes. For each RDN a hash is constructed with =

the
+attribute type names as keys and the attribute values as corresponding=20
values.
+These hashes are then strored in an array in the order in which they=20
appear
+in the DN.
+
+For example, the DN 'OU=3DSales+CN=3DJ. Smith,DC=3Dexample,DC=3Dnet' is =
exploded=20
to:
+[
+  {
+    'OU' =3D> 'Sales',
+    'CN' =3D> 'J. Smith'
+  },
+  {
+    'DC' =3D> 'example'
+  },
+  {
+    'DC' =3D> 'net'
+  }
+]
+
+(RFC2253 string) DNs might also contain values, which are the bytes of the
+BER encoding of the X.500 AttributeValue rather than some LDAP string=20
syntax.
+These values are hex-encoded and prefixed with a #. To distingush such BER
+values, ldap_explode_dn uses references to the actual values,
+e.g. '1.3.6.1.4.1.1466.0=3D#04024869,DC=3Dexample,DC=3Dcom' is exploded =
to:
+[
+  {
+    '1.3.6.1.4.1.1466.0' =3D> \"\004\002Hi"
+  },
+  {
+    'DC' =3D> 'example'
+  },
+  {
+    'DC' =3D> 'com'
+  }
+];
+
 It also performs the following operations on the given DN:



--=20
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 T=FCbingen                           email: nor...@da...
Germany                                  web:   http://www.daasi.de




