From: <ne...@na...> - 2001-02-12 16:15:28
Thanks Chris. I think that Mozilla::LDAP might have a canonicalization function that should work and be a little bit more complete than my hack :-P I haven't tried it yet so I may be wrong. I think your suggestion of a compare on the server is probably the correct way to do things to avoid all kinds of possible nastiness.

Cheers,
SteveN

Chris Ridd <chr...@me...>@lists.sourceforge.net on 02/12/2001 04:05:12 AM

From: Chris Ridd <chr...@me...>@lists.sourceforge.net on 02/12/2001 04:05 AM
Sent by: per...@li...
To: Steve Neruda <ne...@na...>
    per...@li...
cc:
Subject: Re: DN comparision not using compare function

Steve Neruda <ne...@na...> wrote:
> I have written a script that makes sure that the indexes on the slave
> servers are consistent with the master server. I am having problems
> finding a good way to compare DNs correctly. I do a search on each
> server to get all the indexes, then I need to compare the DNs to
> see if the indexes exist on all the servers.
>
> It appears that Net::LDAP does not normalize the DN before hashing it
> into a structure. Therefore if I do a comparison of the DNs and one
> happens to be capitalized (or spaced differently, or ??) then comparing
> DNs will fail.

That looks about right. Net::LDAP simply uses the bytes that were sent by the server as the DN without trying to interpret them too much. I'm not sure it is a Net::LDAP bug, rather just the "way it works".

> I want to do a single search on each server rather than do a ->compare
> on each attribute. Is there a better method for comparing DNs between
> two servers to find out if they match?

I can't think of one. Your canonicalization (lower-casing the entire DN) will of course not work for many cases, but I guess you're aware of that. It might be good enough to solve your immediate problem.

To be complete I think Unicode says that you should convert to upper-case, and you need to deal with the different ways to encode accented characters, the different ordering of multi-AVA RDNs (cn=Foo Bar+uid=baz,...), the different ways of encoding the attribute types and values, etc etc etc. Pretty hard to do it all correctly! And that's assuming you're using LDAPv3 to access the directory. For LDAPv2 there are more problems. :-)

How painful would it be to use compare operations against one of the servers? It strikes me that would be a *lot* easier, assuming the server did these things correctly.

Cheers,

Chris
From: <ne...@na...> - 2001-02-12 16:43:10
Attachments:
dn
That would be awesome! Let me know if I can be of any help.

SteveN

Graham Barr <gb...@po...> on 02/12/2001 11:38:40 AM

From: Graham Barr <gb...@po...> on 02/12/2001 11:38 AM
To: ne...@na...
cc: Chris Ridd <chr...@me...>
    per...@li...
Subject: Re: DN comparision not using compare function

On Mon, Feb 12, 2001 at 11:15:47AM -0500, ne...@na... wrote:
>
> Thanks Chris. I think that Mozilla::LDAP might have a canonicalization
> function that should work and be a little bit more complete than my hack :-P
> I haven't tried it yet so I may be wrong.

I am sure I have posted this before, and I am considering adding it to
Net::LDAP::Util

Graham.

(See attached file: dn)
From: Graham B. <gb...@po...> - 2001-02-13 10:33:56
Some example DNs to test it out would be great. What I would like is multiple DNs that have been encoded two or more different ways.

Graham.

On Mon, Feb 12, 2001 at 11:43:39AM -0500, ne...@na... wrote:
>
> That would be awesome! Let me know if I can be of any help.
>
> SteveN
>
> Graham Barr <gb...@po...> on 02/12/2001 11:38:40 AM
>
> From: Graham Barr <gb...@po...> on 02/12/2001 11:38 AM
> To: ne...@na...
> cc: Chris Ridd <chr...@me...>
>     per...@li...
> Subject: Re: DN comparision not using compare function
>
> On Mon, Feb 12, 2001 at 11:15:47AM -0500, ne...@na... wrote:
> >
> > Thanks Chris. I think that Mozilla::LDAP might have a canonicalization
> > function that should work and be a little bit more complete than my hack :-P
> > I haven't tried it yet so I may be wrong.
>
> I am sure I have posted this before, and I am considering adding it to
> Net::LDAP::Util
>
> Graham.
>
> (See attached file: dn)
From: Graham B. <gb...@po...> - 2001-02-12 16:39:17
Attachments:
dn
On Mon, Feb 12, 2001 at 11:15:47AM -0500, ne...@na... wrote:
>
> Thanks Chris. I think that Mozilla::LDAP might have a canonicalization
> function that should work and be a little bit more complete than my hack :-P
> I haven't tried it yet so I may be wrong.

I am sure I have posted this before, and I am considering adding it to
Net::LDAP::Util

Graham.
From: Clif H. <ch...@po...> - 2001-02-13 05:18:44
Graham Barr wrote:

> On Mon, Feb 12, 2001 at 11:15:47AM -0500, ne...@na... wrote:
> >
> > Thanks Chris. I think that Mozilla::LDAP might have a canonicalization
> > function that should work and be a little bit more complete than my hack :-P
> > I haven't tried it yet so I may be wrong.
>
> I am sure I have posted this before, and I am considering adding it to
> Net::LDAP::Util

I would like to see them added to the next release.

Clif

>
> Graham.
>
> -
From: Graham B. <gb...@po...> - 2001-02-13 11:23:05
It is in CVS now. Please test and supply some additions for t/01canon_dn.t

Graham.

On Mon, Feb 12, 2001 at 11:22:28PM -0600, Clif Harden wrote:
>
> Graham Barr wrote:
>
> > On Mon, Feb 12, 2001 at 11:15:47AM -0500, ne...@na... wrote:
> > >
> > > Thanks Chris. I think that Mozilla::LDAP might have a canonicalization
> > > function that should work and be a little bit more complete than my hack :-P
> > > I haven't tried it yet so I may be wrong.
> >
> > I am sure I have posted this before, and I am considering adding it to
> > Net::LDAP::Util
>
> I would like to see them added to the next release.
>
> Clif
>
> >
> > Graham.
> >
> > -
From: Kurt D. Z. <Ku...@Op...> - 2001-02-13 06:10:40
At 04:38 PM 2/12/01 +0000, Graham Barr wrote:
>On Mon, Feb 12, 2001 at 11:15:47AM -0500, ne...@na... wrote:
>>
>> Thanks Chris. I think that Mozilla::LDAP might have a canonicalization
>> function that should work and be a little bit more complete than my hack :-P
>> I haven't tried it yet so I may be wrong.
>
>I am sure I have posted this before, and I am considering adding it to
>Net::LDAP::Util

I note your code treats:
    1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB
as
    1.3.6.1.4.1.1466.0=\04\02Hi,O=Test,C=GB

These are not equivalent. That is, the RDN
1.3.6.1.4.1.1466.0=#04024869 can be represented
as 1.3.6.1.4.1.1466.0=Hi. This is because the latter
RDN value is the BER encoding of the value, the
former is the hex escaped encoding of the value.

I suggest you don't muck with BER encoded values.
From: Graham B. <gb...@po...> - 2001-02-13 09:24:43
On Mon, Feb 12, 2001 at 10:11:25PM -0800, Kurt D. Zeilenga wrote:
> At 04:38 PM 2/12/01 +0000, Graham Barr wrote:
> >On Mon, Feb 12, 2001 at 11:15:47AM -0500, ne...@na... wrote:
> >>
> >> Thanks Chris. I think that Mozilla::LDAP might have a canonicalization
> >> function that should work and be a little bit more complete than my hack :-P
> >> I haven't tried it yet so I may be wrong.
> >
> >I am sure I have posted this before, and I am considering adding it to
> >Net::LDAP::Util
>
> I note your code treats:
>     1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB
> as
>     1.3.6.1.4.1.1466.0=\04\02Hi,O=Test,C=GB
>
> These are not equivalent. That is, the RDN
> 1.3.6.1.4.1.1466.0=#04024869 can be represented
> as 1.3.6.1.4.1.1466.0=Hi. This is because the latter
> RDN value is the BER encoding of the value, the
> former is the hex escaped encoding of the value.
>
> I suggest you don't muck with BER encoded values.

If we don't then we cannot compare two DNs where one is BER encoded and the other is not.

Hm, maybe we just list that as a limitation of the code.

Graham.
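
An added example, not part of the thread and not the Net::LDAP::Util code discussed in it: client-side DN canonicalization in Python covering the cases Chris lists (case, spacing, escaped and quoted values, accented characters, multi-AVA ordering, the LDAPv2 `;` separator and `OID.` prefix). The names `canon_dn` and `same_dn` are assumptions of this example; attribute names are not mapped to OIDs because that needs the server's schema, and `#`-prefixed BER values are compared only as opaque hex, which is the limitation Graham describes.

```python
import re
import unicodedata

def _split(s, seps):
    """Split on separator characters that are neither escaped nor quoted."""
    parts, cur, quoted, i = [], "", False, 0
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):    # keep an escape pair intact
            cur += s[i:i + 2]
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        if c in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += c
        i += 1
    return parts + [cur]

def _unescape(m):
    g = m.group(1)                          # two hex digits, or one escaped byte
    return bytes([int(g, 16)]) if len(g) == 2 else g

def _value(raw):
    v = raw.strip()
    if v.startswith("#"):                   # BER-encoded value: kept opaque
        return "#" + v[1:].lower()
    if len(v) >= 2 and v[0] == v[-1] == '"':
        raw = v[1:-1]                       # LDAPv2-style quoted value
    b = re.sub(rb"\\([0-9A-Fa-f]{2}|.)", _unescape, raw.encode("utf-8"), flags=re.S)
    s = unicodedata.normalize("NFC", b.decode("utf-8", "replace"))
    return " ".join(s.casefold().split())   # fold case, collapse spaces

def canon_dn(dn):
    """Comparable form: tuple of RDNs, each a sorted tuple of (type, value)."""
    rdns = []
    for rdn in _split(dn, ",;"):            # ';' is the LDAPv2 separator
        avas = []
        for ava in _split(rdn, "+"):
            t, _, v = ava.partition("=")
            t = re.sub(r"^oid\.", "", t.strip().lower())
            avas.append((t, _value(v)))
        rdns.append(tuple(sorted(avas)))    # AVA order in an RDN is not significant
    return tuple(rdns)

def same_dn(a, b):
    return canon_dn(a) == canon_dn(b)
```

With constructed inputs, `same_dn("CN=Foo Bar+UID=baz, O=Test", "uid=baz+cn=foo  bar;o=test")` is true, while the two forms from Kurt's message (`#04024869` and `\04\02Hi`) stay unequal because the BER value is never decoded. Wherever the result feeds an access decision, the server-side compare Chris suggests is still the authoritative check, since only the server knows each attribute's matching rule.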