I see that openldap supports a number of matching rules for DNs, e.g. dnOneLevelMatch, dnSubtreeMatch, dnSubordinateMatch and dnSuperiorMatch.
<snip>
I have not found documentation anywhere that describes how these matching rules work.
I can try out examples and/or read the openldap source code to try and deduce their behaviour, but I'd prefer to see documentation.
This feature has been present in OpenLDAP since 2004.
https://www.openldap.org/its/private.cgi/Archive.Software%20Enhancements?id=...
That link needs a login.
Nobody has asked for docs thus far, because everybody recognizes that subtree/onelevel/subordinate are the same as the corresponding LDAP search scopes, and their behavior is already specified.
Ok, but there's no superior scope. Also, while it's possible to try and deduce behaviour by similarity of names and by experiment, that's not a foolproof method, which is why I asked for a link to documentation. What little documentation I did find indicates that these matching rules are 'experimental' and shouldn't be used in released code (http://www.openldap.org/faq/data/cache/200.html) - is that still the case?
Chris