[Freeipa-devel] LDAP over XML
Rob Crittenden
rcritten at redhat.com
Wed Jul 18 21:33:52 UTC 2007
Rob Crittenden wrote:
> I've been going back and forth over how much LDAP information to reveal
> over RPC. At this point it is simply easier to reveal it all (as granted
> by LDAP ACLs of course). We can remove stuff in the future (like
> objectclass) but for now I'm going to transmit everything I think.
>
> The problem is that on the server side the data is in a raw format. This
> doesn't work so well with binary fields and you can easily end up with
> bad data or invalid XML.
>
> For the time being I've overridden the string sending of the XML
> Marshaller to base64 encode everything. Is this price worth paying, to
> encode and decode all values?
>
> We may be able to encode based on attribute but then some user will come
> along and customize things and their new binary field won't be encoded
> and things will break.
>
> So is this an acceptable trade-off?
>
Another option we have is I can put the data into LDIF format and return
it as one massive stringe. The problem is that I'll have to walk that
string and create a dictionary to pluck out individual fields. This
might be better since I can then just display stuff without worrying
about providing data in a bad format.
It might be the lesser of evils.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070718/62a5071d/attachment.bin>
More information about the Freeipa-devel
mailing list