Kevin Vargo wrote:
So, in ad.c [ad_inlist], the AttributeDescription (*desc) does not have it's flags set 'properly.' That is, apparently within that structure there are flags and tags, during the parsing of the schema, the flags and tags get set properly (same file [slap_bv2ad]): desc.ad_flags |= SLAP_DESC_BINARY;
That means that, in ad_inlist, the desc's name still has ";binary" in it, and no flags set. I find that if I map this condition as an entry in the if/else cascade -- right after checking the flags, but before the if-fail on flag compare -- the data is properly returned. (I'll generate a patch, if that's an appropriate thing to do/place to do it.)
Not sure I understood - waiting for your patch...
However, there remains a problem: other LDAP Servers appear to return the 'attribute-name' requested (userCertificate;binary::) to describe the data. Now that the data is being returned, it's being returned without the ";binary" option -- as 'userCertificate::'. Per ITS#3113, ";binary" is obsoleted?
To be honest, I'm not sure I have ever clearly understood that ";binary" issue, and I don't have time to dig out the documentation, learn about it, and check the code, since the whole stuff seems to be obsolete.
Is there a compatibility mode that can be optioned to support this?
None that I know of.
Obsoleted and back-wards compatibility being in conflict.....
I think compatibility with obsolete stuff is something that may easily get in conflict with open source, volunteer developed software. Volunteers tend to concentrate scarce resources on important things, and preserving compatibility with obsolete (often broken) stuff is first of all a waste of scarce resources, and second, but not least, reduces pressure on obsolete (broken) software makers, which typically are not volunteers but actually get paid for (obsolete/broken stuff). Having said this, you may find volunteers that, pushed by their own needs like to spend time supporting obsolete/broken stuff for the simple reason they need it.
i.e. is there a way to say "return the attribute by name-requested instead of schema-name?"
No. This question has been raised many times, and the answer has always been like that. All you could do is hack slap_send_search_entry() in servers/slapd/result.c.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
-
ando@sys-net.it