[Freeipa-devel] LDAP over XML

Rob Crittenden rcritten at redhat.com
Wed Jul 18 15:48:44 UTC 2007


I've been going back and forth over how much LDAP information to reveal 
over RPC. At this point it is simply easier to reveal it all (as granted 
by LDAP ACLs of course). We can remove stuff in the future (like 
objectclass) but for now I'm going to transmit everything, I think.

The problem is that on the server side the data is in a raw format. This 
doesn't work so well with binary fields and you can easily end up with 
bad data or invalid XML.

For the time being I've overridden the string sending of the XML 
Marshaller to base64 encode everything. Is this price worth paying, to 
encode and decode all values?

We may be able to encode based on attribute but then some user will come 
along and customize things and their new binary field won't be encoded 
and things will break.

So is this an acceptable trade-off?

rob
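
The trade-off raised in the message above, as an added example that is not part of the original post or of FreeIPA's code: raw values sent as plain strings produce XML that does not parse, while choosing the encoding per value from its content (rather than by attribute name) still covers a site-defined binary attribute. It assumes Python's standard `xmlrpc.client`; the sample entry is constructed, the function names and the `customBlob` attribute are hypothetical, and content-based selection is an alternative shown here, not something the message proposes.

```python
import re
import xmlrpc.client as xc

# Characters XML 1.0 cannot carry (C0 controls other than \t and \n, U+FFFE, U+FFFF).
# \r is included because XML parsers normalise it to \n, which would alter the value.
_XML_UNSAFE = re.compile(r"[\x00-\x08\x0b-\x1f\ufffe\uffff]")

# Constructed sample entry in the raw form an LDAP library hands back (lists of bytes).
SAMPLE = {
    "uid": [b"jdoe"],
    "cn": ["Jos\u00e9 Doe".encode("utf-8")],
    "jpegPhoto": [b"\xff\xd8\xff\xe0\x00\x10JFIF"],
    "customBlob": [b"\x00\x01\x02"],  # hypothetical site-added attribute: valid UTF-8, invalid XML
}

def wire_value(raw: bytes):
    """Return str if the bytes survive XML transport unchanged, else Binary (base64)."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return xc.Binary(raw)
    return xc.Binary(raw) if _XML_UNSAFE.search(text) else text

def encode_entry(entry: dict) -> dict:
    return {attr: [wire_value(v) for v in vals] for attr, vals in entry.items()}

def decode_entry(entry: dict) -> dict:
    """Client side: accept either wire form and normalise back to raw bytes."""
    return {attr: [v.data if isinstance(v, xc.Binary) else v.encode("utf-8") for v in vals]
            for attr, vals in entry.items()}

def round_trip(entry: dict) -> dict:
    """Marshal the entry as an XML-RPC response, parse it again, return raw bytes."""
    xml = xc.dumps((encode_entry(entry),), methodresponse=True)
    (result,), _ = xc.loads(xml)
    return decode_entry(result)

def naive_round_trip_ok(entry: dict) -> bool:
    """Send every raw value as a plain string; report whether the XML parses at all."""
    as_text = {a: [v.decode("latin-1") for v in vals] for a, vals in entry.items()}
    try:
        xc.loads(xc.dumps((as_text,), methodresponse=True))
        return True
    except Exception:  # expat rejects the control characters in the binary values
        return False
```

The cost of the per-value choice is that a client can no longer tell from the wire type alone whether an attribute is textual, so it has to accept both forms for every attribute, as `decode_entry` does.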