Andrew Bartlett wrote:
It seems to me that Fedora DS does not support Microsoft's
extended
match bitwise operations.
I chatted with Pete about it on IRC, but thought to document it here for
discussion. While it would be technically possible for me to filter
these on the client side, it becomes silly fast. I need the LDAP
backend side to handle these.
This is the kind of search Fedora DS needs to accept, for Samba4 to use
it as a backend:
(|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))
Basic question: why are you storing bit fields in the first place? Why
not store the information in a more readily accessible fashion, both to
your code, and the administrator of the system? As you noted, the
bitwise extensible matches are Microsoft extensions and they have not
been specified in any RFC or IETF draft document AFAIK. Consequently
you should not expect the functionality to be generally available in
LDAP directory servers.
--
Pete