Re: utility functions for handling Distinguished Names

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Wed, Apr 24, 2002 at 07:08:29PM +0200, Norbert Klasen wrote:
> --On Dienstag, 23. April 2002 14:04 -0700 "Kurt D. Zeilenga" 
> <Ku...@Op...> wrote:
> > At 01:07 PM 2002-04-23, Norbert Klasen wrote:
> >> --On Dienstag, 23. April 2002 15:59 +0100 Graham Barr <gb...@po...>
> 
> ># was specifically designed for CN (and other attributes of
> > directoryString syntax).  See section 7.2 of RFC 2253.  The
> > IETF LDAPbis WG is working on clarifying this.
> 
> > In our C API, we provide functions which do schema neutral
> > normalizations.  We don't convert between native string and
> > BER value forms as that requires knowledge of schema.  Instead,
> > we just indicate whether the value is in native form or
> > in BER form.  We do convert the hex to an octet string containing
> > the BER suitable for (BER) decoding.
> 
> After rerereading RFC2253 (this time including section 7.2 :-) I concur 
> with you. An indication that a value is in BER is required and Graham's 
> approach of making such values a reference seems to be a good way to do it.
> 
> How about this addition to the POD for ldap_explode_dn?

Seems good to me. I will gather everything from this thread and
patch the .pm

Graham.

> 
> @@ -378,6 +365,43 @@
>  Explodes the given B<DN> into an array of hashes.
>  Returns undef if B<DN> is not a valid Distinguished Name.
> 
> +A Distinguished Name is a sequence of Relative Distingushed Names (RDNs), 
> which
> +themselves are sets of Attributes. For each RDN a hash is constructed with 
> the
> +attribute type names as keys and the attribute values as corresponding 
> values.
> +These hashes are then strored in an array in the order in which they 
> appear
> +in the DN.
> +
> +For example, the DN 'OU=Sales+CN=J. Smith,DC=example,DC=net' is exploded 
> to:
> +[
> +  {
> +    'OU' => 'Sales',
> +    'CN' => 'J. Smith'
> +  },
> +  {
> +    'DC' => 'example'
> +  },
> +  {
> +    'DC' => 'net'
> +  }
> +]
> +
> +(RFC2253 string) DNs might also contain values, which are the bytes of the
> +BER encoding of the X.500 AttributeValue rather than some LDAP string 
> syntax.
> +These values are hex-encoded and prefixed with a #. To distingush such BER
> +values, ldap_explode_dn uses references to the actual values,
> +e.g. '1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com' is exploded to:
> +[
> +  {
> +    '1.3.6.1.4.1.1466.0' => \"\004\002Hi"
> +  },
> +  {
> +    'DC' => 'example'
> +  },
> +  {
> +    'DC' => 'com'
> +  }
> +];
> +
>  It also performs the following operations on the given DN:
> 
> 
> 
> -- 
> Norbert Klasen, Dipl.-Inform.
> DAASI International GmbH                 phone: +49 7071 29 70336
> Wilhelmstr. 106                          fax:   +49 7071 29 5114
> 72074 Tübingen                           email: nor...@da...
> Germany                                  web:   http://www.daasi.de
> 
> 