Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   Case Sensitive Lookup and Searching (http://www.linux-archive.org/fedora-directory/120165-case-sensitive-lookup-searching.html)

"Mike C" 07-07-2008 04:45 AM

Case Sensitive Lookup and Searching
 
Hi,

I'm running Fedora-Directory/1.0.2 B2006.111.2147, and talking to it
via a Java App. Previously the app was talking to an OpenLDAP 2.3.x
server.

My problem is with this:

Object o = ctx.lookup("memberUid=steves,ou=People");

In OpenLDAP, it returns the correct user (steves). In FDS, it returns
the wrong user, 'Steves'. Yes, unfortunately our data is like that,
where case sensitivity is important. In fact, as a side issue, when we
import the data from ldif into FDS, the ldif2db process ignores
duplicate entries (i.e. steves was inserted, but Steves ignored as it
was considered a duplicate).

ldif2db Error: import company: WARNING: Skipping duplicate entry
"memberUid=steves,ou=People,o=company.com"

As you might imagine, I'd like to get it so both ldif2db and lookups
are case sensitive. However, it seems like ldapsearch is case
sensitive.

# ./ldapsearch -h 127.0.0.1 -b "o=company.com" memberUid=steves
# ./ldapsearch -h 127.0.0.1 -b "o=company.com" memberUid=Steves
version: 1
dn: memberUid=Steves,ou=People,o=company.com
personalTitle: Mr
etc...

So, the question goes, what am I missing? I've even tried changing the
definition of memberUid in config/schema/10rfc2307.ldif to use

attributeTypes: (
1.3.6.1.1.1.1.12
NAME 'memberUid'
DESC 'Standard LDAP attribute type'
EQUALITY caseExactIA5Match
SUBSTRINGS caseExactIA5SubstringsMatch
SYNTAX 'IA5String'
)

Ideas?

Thanks,

Mike

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Michael Ströder 07-07-2008 09:13 AM

Case Sensitive Lookup and Searching
 
Mike C wrote:


Object o = ctx.lookup("memberUid=steves,ou=People");


Attribute 'memberUid' was never meant to be used within a user entry.

So general advice is to define a better schema and sanitize your data.
You probably already know that. ;-)



I've even tried changing the
definition of memberUid in config/schema/10rfc2307.ldif to use

attributeTypes: (
1.3.6.1.1.1.1.12
NAME 'memberUid'
DESC 'Standard LDAP attribute type'
EQUALITY caseExactIA5Match
SUBSTRINGS caseExactIA5SubstringsMatch
SYNTAX 'IA5String'
)

Ideas?


Well, looking at the schema in FDS there's no such matching rule named
'caseExactIA5Match' (IMO the server shouldn't even start with such a
mis-defined schema element declaration). The only caseExact* matching
rules listed in the subschema are 'caseExactOrderingMatch-en' and
'caseExactSubstringMatch-en' which both does not look suitable to me.


Strange enough there's not even an EQUALITY matching rule defined for
attribute type 'memberUid' at all...


I really wonder whether default matching rules are applied for certain
LDAP syntaxes and how to find out which these are.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Rich Megginson 07-07-2008 01:06 PM

Case Sensitive Lookup and Searching
 
Michael Ströder wrote:

Mike C wrote:


Object o = ctx.lookup("memberUid=steves,ou=People");


Attribute 'memberUid' was never meant to be used within a user entry.

So general advice is to define a better schema and sanitize your data.
You probably already know that. ;-)



I've even tried changing the
definition of memberUid in config/schema/10rfc2307.ldif to use

attributeTypes: (
1.3.6.1.1.1.1.12
NAME 'memberUid'
DESC 'Standard LDAP attribute type'
EQUALITY caseExactIA5Match
SUBSTRINGS caseExactIA5SubstringsMatch
SYNTAX 'IA5String'
)

Ideas?


Well, looking at the schema in FDS there's no such matching rule named
'caseExactIA5Match' (IMO the server shouldn't even start with such a
mis-defined schema element declaration). The only caseExact* matching
rules listed in the subschema are 'caseExactOrderingMatch-en' and
'caseExactSubstringMatch-en' which both does not look suitable to me.


Strange enough there's not even an EQUALITY matching rule defined for
attribute type 'memberUid' at all...


I really wonder whether default matching rules are applied for certain
LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Michael Ströder 07-07-2008 03:11 PM

Case Sensitive Lookup and Searching
 
Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for certain
LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule" is
chosen? Is the list of matching rules in the subschema subentry complete?


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Rich Megginson 07-07-2008 03:21 PM

Case Sensitive Lookup and Searching
 
Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for
certain LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule" is
chosen?
No, not really, afaik. I suppose it attempts to use "common sense" e.g.
if the syntax is for case sensitive string, it uses a matching rule for
case sensitive string comparison, and uses indexers for case sensitive
strings.

Is the list of matching rules in the subschema subentry complete?
Complete as in "implements every matching rule defined in every LDAP
RFC" - no.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Michael Ströder 07-07-2008 03:31 PM

Case Sensitive Lookup and Searching
 
Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for
certain LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule" is
chosen?
No, not really, afaik. I suppose it attempts to use "common sense" e.g.
if the syntax is for case sensitive string, it uses a matching rule for
case sensitive string comparison, and uses indexers for case sensitive
strings.


And how to determine whether a syntax is used for case sensitive
strings? That's exactly the problem of the original poster I guess.



Is the list of matching rules in the subschema subentry complete?
Complete as in "implements every matching rule defined in every LDAP
RFC" - no.


Complete in the sense: The subschema subentry lists all the matching
rules which are implemented, no more, no less.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Rich Megginson 07-07-2008 04:11 PM

Case Sensitive Lookup and Searching
 
Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for
certain LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule" is
chosen?
No, not really, afaik. I suppose it attempts to use "common sense"
e.g. if the syntax is for case sensitive string, it uses a matching
rule for case sensitive string comparison, and uses indexers for case
sensitive strings.


And how to determine whether a syntax is used for case sensitive
strings? That's exactly the problem of the original poster I guess.
I think IA5String is case sensitive, and Directory String is case
insensitive.



Is the list of matching rules in the subschema subentry complete?
Complete as in "implements every matching rule defined in every LDAP
RFC" - no.


Complete in the sense: The subschema subentry lists all the matching
rules which are implemented, no more, no less.

Not sure.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Michael Ströder 07-07-2008 05:55 PM

Case Sensitive Lookup and Searching
 
Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for
certain LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule" is
chosen?
No, not really, afaik. I suppose it attempts to use "common sense"
e.g. if the syntax is for case sensitive string, it uses a matching
rule for case sensitive string comparison, and uses indexers for case
sensitive strings.


And how to determine whether a syntax is used for case sensitive
strings? That's exactly the problem of the original poster I guess.

>
I think IA5String is case sensitive, and Directory String is case
insensitive.


I don't think so (see section 4.2. of RFC 4517).

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Rich Megginson 07-07-2008 06:10 PM

Case Sensitive Lookup and Searching
 
Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for
certain LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most
appropriate internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule"
is chosen?
No, not really, afaik. I suppose it attempts to use "common sense"
e.g. if the syntax is for case sensitive string, it uses a matching
rule for case sensitive string comparison, and uses indexers for
case sensitive strings.


And how to determine whether a syntax is used for case sensitive
strings? That's exactly the problem of the original poster I guess.

>
I think IA5String is case sensitive, and Directory String is case
insensitive.


I don't think so (see section 4.2. of RFC 4517).
Ok. But the the way Fedora DS works is that it treats IA5String as case
sensitive, and Directory String as case insensitive - see
ldap/servers/plugins/syntaxes/ces.c and cis.c


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Michael Ströder 07-07-2008 06:24 PM

Case Sensitive Lookup and Searching
 
Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:
I think IA5String is case sensitive, and Directory String is case
insensitive.

I don't think so (see section 4.2. of RFC 4517).
Ok. But the the way Fedora DS works is that it treats IA5String as case
sensitive, and Directory String as case insensitive - see
ldap/servers/plugins/syntaxes/ces.c and cis.c


Hmm, but then the problem of the original poster is that the matching
rule applied to an attribute value (based on your rule above) has
nothing to with the normalization of the entry's RDN.
Because he was asking about memberUid=steves vs. memberUid=Steves which
are two different entries in his data (based on caseExactIA5Match) but
are treated as the same entry in FDS.


(Nevertheless he should get his data fixed for various reasons.)

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users


All times are GMT. The time now is 05:01 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.