Hi,
We're planning to migrate to OpenLDAP from Sun Directory Server. So far the test setup works fine, with one potential problem. Sun's directory server treats boolean values as case-insensitive, while the RFC (and OpenLDAP) require upper-case TRUE and FALSE values.
Is there a way of forcing case insensitivity on boolean values with OpenLDAP, so that any clients who are applying filters like "(foo=true)" will continue to work? Or is the only way to maintain stats logging and try to locate particular scripts on the machines that connect, and fix each one in turn? I realise the former option is not RFC compliant, but for me, it'll be very convenient to be permissive.
Thanks, Simon.
Simon Fraser wrote:
Hi,
We're planning to migrate to OpenLDAP from Sun Directory Server. So far the test setup works fine, with one potential problem. Sun's directory server treats boolean values as case-insensitive, while the RFC (and OpenLDAP) require upper-case TRUE and FALSE values.
Is there a way of forcing case insensitivity on boolean values with OpenLDAP, so that any clients who are applying filters like "(foo=true)" will continue to work? Or is the only way to maintain stats logging and try to locate particular scripts on the machines that connect, and fix each one in turn? I realise the former option is not RFC compliant, but for me, it'll be very convenient to be permissive.
In the past I had to do what you're asking for; my customer even asked me to support the use of 0/1 instead of TRUE/FALSE. It can be done with few lines of portable code (I mean: without the need to patch the source at each upgrade) by writing a module that replaces the validation & normalization functions of the boolean syntax and equality matching rule. This makes your own slapd tolerant with respect to syntax violations. Please do not ask to provide this feature neither as a modificaton to OpenLDAP code nor as a module, because this would make incorrect values the de-facto standard, and nobody wants this. Fixing the clients is the right approach.
p.
openldap-technical@openldap.org