Re: How to best handle DN+String and DN+Binary in OL?

Andrew Bartlett writes:

Looking over the definition of NameAndOptionalUID, shoehorn would certainly be the correct expression...

Worse, check its usual matching rule uniqueMemberMatch: Noncommutative in X.520, pre-rfc4517 LDAP, and optionally in RFC 4517 implementations. Then filter "(uniqueMember=cn=foo)" matches "cn=foo#<any bitstring>" as well as "cn=foo", but not vice versa: "(uniqueMember=cn=foo#'10'B)" does not match "cn=foo". Unless I got that backwards, i don't remember.

So yeah, I'd say you need a new syntax or at least a new matching rule. Or revitalization of the Component Matching stuff, but I'm not volunteering...