Michael Ströder wrote:
Howard Chu wrote:
> On the whole it doesn't seem like new syntaxes pop up in LDAP specs very
> often. Some may say this is because they're not really needed. I believe
> they've been sorely needed, and people have just avoided them because
> they required too much work to properly support in existing
> implementations. We can fix that.
This topic is somehwat interesting. I've banged my head against the wall
several times when implementing schema support in web2ldap. The big
question was where to draw the line between handling syntaxes and
special attribute types, especially when having to override incorrect
schema information retrieved from the server.
Overriding the server? That doesn't sound good...
I have no strong opinion just some thoughts regarding how to
make use of it at the client side:
Something like (an improved) slapo-constraint will cover most cases
which one might also consider a syntax, e.g. limited set of option
values for implementing the typical select lists. Or a certain string
AFAIK slapo-constraint shipped in RE24 only supports regex checking
defined in slapd.conf.
Dynamic option value/description lists could be easily defined by
defining an LDAP URL which searches the option values. IIRC someone is
already working in this direction to improve slapo-constraint. (A base
class for this is in web2ldap's plugin API now). But currently the
client cannot query the constraints and adjust the UI accordingly in a
vendor independent way. The client could read cn=config if back-config
is deployed though.
Right, slapo-constraint is fine if you just need a constrained form of a
string or text-based value. It's no help for more complex data types, like
ASN.1 structures or multimedia objects (images, audio clips, etc.).
I suppose it's debatable whether it's a good idea to store a lot of these
things in a directory. But in a lot of ways, it's better than storing
somewhere else. E.g., an embedded address book in a cellphone stores contact
info along with an image of the person and a custom ringtone. In the past
we've recommended that directories only store references (URLs) to these other
blobs, but that makes deployment and management much harder. Use LDAP for
everything and you only need one protocol for syncing the cellphone to a main
directory. (Of course, OpenLDAP has been embedded in cellphones before, but
with open architectures like Google is pushing out with Android now, it
becomes even more interesting.) On the flip side, it may be OK to just declare
things to be blobs (octetString) in LDAP and let the application worry about
figuring out what it really is. But that requires a lot of specialized parsing
intelligence to be present redundantly in every application, instead of just a
single generalized parser. It works, most apps today get along fine, but it's
A separate syntaxes is only needed if there's a strong need for
matching rules or normalization etc. Also a client has to implement the
syntax. IMO this is the reason for spec authors to avoid syntaxes.
Yes, this was always one of the hassles of setting up X.500 clients. But I
think it's unavoidable if you want everything to integrate properly. One of
the reasons for exploring the route of implementing dynamic syntaxes in a
language like Forth is that you can have a complete Forth implementation in
only 30K or less of object code. We can bundle it under libldap and use it
uniformly from both slapd and from clients.
So I'm thinking about whether it would be worth to extend the
declaration of attribute types to define additional constraints. A
client could interpret this and act accordingly. Well, a long way to go
through standardization off course...
Constraints are only a partial solution. It's not worth it (to me) to go
through all of that standardization effort for less than a complete solution.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/