FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 07-07-2008, 04:45 AM
"Mike C"
 
Default Case Sensitive Lookup and Searching

Hi,

I'm running Fedora-Directory/1.0.2 B2006.111.2147, and talking to it
via a Java App. Previously the app was talking to an OpenLDAP 2.3.x
server.

My problem is with this:

Object o = ctx.lookup("memberUid=steves,ou=People");

In OpenLDAP, it returns the correct user (steves). In FDS, it returns
the wrong user, 'Steves'. Yes, unfortunately our data is like that,
where case sensitivity is important. In fact, as a side issue, when we
import the data from ldif into FDS, the ldif2db process ignores
duplicate entries (i.e. steves was inserted, but Steves ignored as it
was considered a duplicate).

ldif2db Error: import company: WARNING: Skipping duplicate entry
"memberUid=steves,ou=People,o=company.com"

As you might imagine, I'd like to get it so both ldif2db and lookups
are case sensitive. However, it seems like ldapsearch is case
sensitive.

# ./ldapsearch -h 127.0.0.1 -b "o=company.com" memberUid=steves
# ./ldapsearch -h 127.0.0.1 -b "o=company.com" memberUid=Steves
version: 1
dn: memberUid=Steves,ou=People,o=company.com
personalTitle: Mr
etc...

So, the question goes, what am I missing? I've even tried changing the
definition of memberUid in config/schema/10rfc2307.ldif to use

attributeTypes: (
1.3.6.1.1.1.1.12
NAME 'memberUid'
DESC 'Standard LDAP attribute type'
EQUALITY caseExactIA5Match
SUBSTRINGS caseExactIA5SubstringsMatch
SYNTAX 'IA5String'
)

Ideas?

Thanks,

Mike

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 07-07-2008, 09:13 AM
Michael Ströder
 
Default Case Sensitive Lookup and Searching

Mike C wrote:


Object o = ctx.lookup("memberUid=steves,ou=People");


Attribute 'memberUid' was never meant to be used within a user entry.

So general advice is to define a better schema and sanitize your data.
You probably already know that. ;-)



I've even tried changing the
definition of memberUid in config/schema/10rfc2307.ldif to use

attributeTypes: (
1.3.6.1.1.1.1.12
NAME 'memberUid'
DESC 'Standard LDAP attribute type'
EQUALITY caseExactIA5Match
SUBSTRINGS caseExactIA5SubstringsMatch
SYNTAX 'IA5String'
)

Ideas?


Well, looking at the schema in FDS there's no such matching rule named
'caseExactIA5Match' (IMO the server shouldn't even start with such a
mis-defined schema element declaration). The only caseExact* matching
rules listed in the subschema are 'caseExactOrderingMatch-en' and
'caseExactSubstringMatch-en' which both does not look suitable to me.


Strange enough there's not even an EQUALITY matching rule defined for
attribute type 'memberUid' at all...


I really wonder whether default matching rules are applied for certain
LDAP syntaxes and how to find out which these are.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 07-07-2008, 01:06 PM
Rich Megginson
 
Default Case Sensitive Lookup and Searching

Michael Ströder wrote:

Mike C wrote:


Object o = ctx.lookup("memberUid=steves,ou=People");


Attribute 'memberUid' was never meant to be used within a user entry.

So general advice is to define a better schema and sanitize your data.
You probably already know that. ;-)



I've even tried changing the
definition of memberUid in config/schema/10rfc2307.ldif to use

attributeTypes: (
1.3.6.1.1.1.1.12
NAME 'memberUid'
DESC 'Standard LDAP attribute type'
EQUALITY caseExactIA5Match
SUBSTRINGS caseExactIA5SubstringsMatch
SYNTAX 'IA5String'
)

Ideas?


Well, looking at the schema in FDS there's no such matching rule named
'caseExactIA5Match' (IMO the server shouldn't even start with such a
mis-defined schema element declaration). The only caseExact* matching
rules listed in the subschema are 'caseExactOrderingMatch-en' and
'caseExactSubstringMatch-en' which both does not look suitable to me.


Strange enough there's not even an EQUALITY matching rule defined for
attribute type 'memberUid' at all...


I really wonder whether default matching rules are applied for certain
LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 07-07-2008, 03:11 PM
Michael Ströder
 
Default Case Sensitive Lookup and Searching

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for certain
LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule" is
chosen? Is the list of matching rules in the subschema subentry complete?


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 07-07-2008, 03:21 PM
Rich Megginson
 
Default Case Sensitive Lookup and Searching

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for
certain LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule" is
chosen?
No, not really, afaik. I suppose it attempts to use "common sense" e.g.
if the syntax is for case sensitive string, it uses a matching rule for
case sensitive string comparison, and uses indexers for case sensitive
strings.

Is the list of matching rules in the subschema subentry complete?
Complete as in "implements every matching rule defined in every LDAP
RFC" - no.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 07-07-2008, 03:31 PM
Michael Ströder
 
Default Case Sensitive Lookup and Searching

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for
certain LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule" is
chosen?
No, not really, afaik. I suppose it attempts to use "common sense" e.g.
if the syntax is for case sensitive string, it uses a matching rule for
case sensitive string comparison, and uses indexers for case sensitive
strings.


And how to determine whether a syntax is used for case sensitive
strings? That's exactly the problem of the original poster I guess.



Is the list of matching rules in the subschema subentry complete?
Complete as in "implements every matching rule defined in every LDAP
RFC" - no.


Complete in the sense: The subschema subentry lists all the matching
rules which are implemented, no more, no less.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 07-07-2008, 04:11 PM
Rich Megginson
 
Default Case Sensitive Lookup and Searching

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for
certain LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule" is
chosen?
No, not really, afaik. I suppose it attempts to use "common sense"
e.g. if the syntax is for case sensitive string, it uses a matching
rule for case sensitive string comparison, and uses indexers for case
sensitive strings.


And how to determine whether a syntax is used for case sensitive
strings? That's exactly the problem of the original poster I guess.
I think IA5String is case sensitive, and Directory String is case
insensitive.



Is the list of matching rules in the subschema subentry complete?
Complete as in "implements every matching rule defined in every LDAP
RFC" - no.


Complete in the sense: The subschema subentry lists all the matching
rules which are implemented, no more, no less.

Not sure.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 07-07-2008, 05:55 PM
Michael Ströder
 
Default Case Sensitive Lookup and Searching

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for
certain LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most appropriate
internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule" is
chosen?
No, not really, afaik. I suppose it attempts to use "common sense"
e.g. if the syntax is for case sensitive string, it uses a matching
rule for case sensitive string comparison, and uses indexers for case
sensitive strings.


And how to determine whether a syntax is used for case sensitive
strings? That's exactly the problem of the original poster I guess.

>
I think IA5String is case sensitive, and Directory String is case
insensitive.


I don't think so (see section 4.2. of RFC 4517).

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 07-07-2008, 06:10 PM
Rich Megginson
 
Default Case Sensitive Lookup and Searching

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:

Michael Ströder wrote:
I really wonder whether default matching rules are applied for
certain LDAP syntaxes and how to find out which these are.


If there is no matching rule, it just goes by the most
appropriate internal matching rule that corresponds to the SYNTAX.


Any description how the "most appropriate internal matching rule"
is chosen?
No, not really, afaik. I suppose it attempts to use "common sense"
e.g. if the syntax is for case sensitive string, it uses a matching
rule for case sensitive string comparison, and uses indexers for
case sensitive strings.


And how to determine whether a syntax is used for case sensitive
strings? That's exactly the problem of the original poster I guess.

>
I think IA5String is case sensitive, and Directory String is case
insensitive.


I don't think so (see section 4.2. of RFC 4517).
Ok. But the the way Fedora DS works is that it treats IA5String as case
sensitive, and Directory String as case insensitive - see
ldap/servers/plugins/syntaxes/ces.c and cis.c


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 07-07-2008, 06:24 PM
Michael Ströder
 
Default Case Sensitive Lookup and Searching

Rich Megginson wrote:

Michael Ströder wrote:

Rich Megginson wrote:
I think IA5String is case sensitive, and Directory String is case
insensitive.

I don't think so (see section 4.2. of RFC 4517).
Ok. But the the way Fedora DS works is that it treats IA5String as case
sensitive, and Directory String as case insensitive - see
ldap/servers/plugins/syntaxes/ces.c and cis.c


Hmm, but then the problem of the original poster is that the matching
rule applied to an attribute value (based on your rule above) has
nothing to with the normalization of the entry's RDN.
Because he was asking about memberUid=steves vs. memberUid=Steves which
are two different entries in his data (based on caseExactIA5Match) but
are treated as the same entry in FDS.


(Nevertheless he should get his data fixed for various reasons.)

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 

Thread Tools




All times are GMT. The time now is 10:29 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org