cancel
Showing results for 
Search instead for 
Did you mean: 

Overriding attribute MatchingRule by LDAP Modify

licasitupe
New Member
0 Kudos

Overriding attribute MatchingRule by LDAP Modify

Dear Community,

 

I'm trying to do the following simple operation:

  1. Search for an account object in LDAP using LDAPPersister search methods. My account object is a POJO with UnboundID attributes mapping, including standard "sn", "givenName" and "cn" attributes.
  2. Change the case of the value of one of this attribute, example from "Joe" to "joe".
  3. Persist the modification in LDAP using the LDAPPersister modify method.

It doesn't work as I would expect: the change is not persisted.

 

What happen is that before executing the LDAP Modify, UnboundID searches for modifications between the ReadOnly entry and the current entity. Each attribute provided to the modify functions are compared, using the LDAP matching rule defined for this attribute in the LDAP Schema, or by default the caseIgnoreMatch matching rule. "cn", "sn" and "givenName" are standard LDAP attributes that are mapped to the caseIgnoreMatch matching rule, which explains why no modification is detected for this attribute.

 

My question is therefore: how can I override the matching rule for a list of attribute, just in the context of a LDAP Modify? I could of course reset the LDAP ReadOnlyEntry, but I would then loose the capability from UnboundId to optimize the computation of the list of modifications.

 

Am I trying to do something evil or did I just missed something?

 

Thanks for your support

4 REPLIES
Highlighted
UnboundID NeilW
UnboundID

Re: Overriding attribute MatchingRule by LDAP Modify

There currently isn’t any option to accomplish this. As you suspect, the LDAP SDK is using matching rules to perform logical equivalence matching, so it does not detect changes that alter a value in a way that is still logically equivalent to the original value.

 

We can update the LDAP SDK to provide an option to perform byte-for-byte comparisons when looking for differences, but there currently isn’t any way to do it using the persistence framework.

licasitupe
New Member
0 Kudos

Re: Overriding attribute MatchingRule by LDAP Modify

Dear @NeilW,

 

thanks for your feedback. I will then proceed with a workaround by not providing the original Entry for this object.

 

Is there an option to open an official feature request for this case?

 

UnboundID NeilW
UnboundID
0 Kudos

Re: Overriding attribute MatchingRule by LDAP Modify

It's on my to-do list, and I hope to get to it within the next couple of weeks. If you want to make an official request, you can open an issue in the GitHub issue tracker (https://github.com/pingidentity/ldapsdk/issues), but it's not really necessary.

UnboundID NeilW
UnboundID
0 Kudos

Re: Overriding attribute MatchingRule by LDAP Modify

I have just committed a change that allows you to request a byte-for-byte value comparison when identifying changes to objects in the persistence framework. This is available in both the LDAPPersister.modify and LDAPPersister.getModifications methods.