directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Zoerner <>
Subject Re: Why is equals() in class LdapName case-sensitive?
Date Sat, 22 Apr 2006 08:52:08 GMT
Emmanuel Lecharny wrote:
> Stefan Zoerner a écrit :
>> class has an equals 
>> method, which is frequently used within OldAuthorizationService, and 
>> which is case sensitive:
> Well, there is no way to compare two different DNs without knowing about 
> the  syntax of the types. LdapName  has no information about how to 
> compare two CNs, or two OUs, or whatever Attribute type. So the straight 
> comparizon is done using a case sensitive approach.
>  From a user standpoint, true, both DN are equals. But from LdapName, 
> they are different.

Yes, this is probably a reasonable decision. But note that class 
javax.naming.ldap.LdapName (Java 5) ignores case (same situation: you 
can create DNs from a String without schema information). Maybe it would 
be better to have a comparable behavior here.

> In the server, DN comparizon are done using another mechanism, because 
> the server is aware of AttributesType. It knows that CN values are to be 
> trimmed and case insensitive should be done.
> So the pb in DIRSERVER-606 is related to the straight use of equals 
> method, which shoul dnot be used (we should compare internal 
> representation on DNs, not String representation, so we must first parse 
> the string and then compare the result with the other parsed string.)

I will try to create a solution for DIRSERVER-606. This 
OldAuthorizationService seems to be somehow deprecated, but as long as 
we ship with it (service is enabled by default), it should work 
properly. Currently, we have for instance this problem (not filed in 
JIRA yet, same cause):

Standard installation 1.0RC1,

$ ldapsearch -D "uid=admin,ou=system" -w ****** -h localhost -p 10389 -b 
"uid=admin,ou=system" -s base "(objectclass=*)"

lists the admin entry (as expected), but this here lists nothing:

$ ldapsearch -D "uid=Admin,ou=system" -w ****** -h localhost -p 10389 -b 
"uid=admin,ou=system" -s base "(objectclass=*)"

(bind is successful, but result list is empty due to 
OldAuthorizationService + equals for principalDn "uid=Admin...").

> I gonna have a look at this problem, may be Alex could confirm my 
> opinion about this point, or correct me if I'm wrong.

Thanks for clarification, Emmanuel !

View raw message