----- Original Message ---- From: Pierangelo Masarati ando@sys-net.it To: vargok@yahoo.com Cc: openldap-its@openldap.org Sent: Monday, March 12, 2007 4:52:04 PM Subject: Re: (ITS#4868) Binary Attribute Patch(es)
These address the use of Binary-valued attributes (#3113, #3386):
For example, inetOrgPerson.userCertificate is usually transferred with the ";binary" directive. ";binary" is not handled by OpenLDAP/Back-SQL.
Well, the solution you propose is not correct, since you are altering schema data, which is supposed to be read-only. In any case, the point is:
Yeah; I think the actual submission found the ";binary" and reset the reference to it, not actually doing anything to it.
- if we decide that back-sql should ignore tags, then the solution
consists in using the canonical name of the underlying AttributeType when looking up data;
- however, this would destroy the possibility to use different storages
for differently encoded data; for example, a column for "cn;lang-en" and a column for "cn;lang-jp". I don't know how many users would prefer one solution over another, but in any case either we find a solution that preserves both capabilities or we choose one. I'd vote in favor of ignoring ";binary" since it's obsolete and related to transport only, but in favor of honoring language tags.
Sounds great to me. I just want support for ";binary" both on storage and retrieval to be supported. I'll accept that it's obsolete -- I'll also put forth that a lot of things still use it (e.g. Lotus Domino v6).
There remains an issue with selecting attributes using, e.g., "userCertificate;binary" -- nothing is returned. Someone with a better understanding of the attribute-processing method would be much more effective in terms of finding the correct place to remove the ";binary" from the "attribute-name." (i.e. "userCertificate;binary" is NOT the attribute-name; "userCertificate" is the attribute-name, ";binary" is a transport directive (see #3113).
In fact, "userCertificate;binary" is the attribute description. The attribute name is in ad_type->sat_cname.
And, in fact, none of what I did appears to have been sufficient. I'm still looking at why selecting "userCertificate;binary" as part of an ldapsearch attribute-list doesn't pull the data. "userCertificate" does. The issue appears to be related to the ad_inlist verification on the search-supplied attribute -- "userCertificate;binary" doesn't resolve. If you know where I can look to figure this out, that would help. I've been through some areas and not found exactly where just yet.
Thanks for your assistance. Kevin Vargo
____________________________________________________________________________________ The fish are biting. Get more visitors on your site using Yahoo! Search Marketing. http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php