3.1.1.3.4.4.3 LDAP_MATCHING_RULE_TRANSITIVE_EVAL

This rule provides recursive search of a link attribute. A filter F of the form "(A: 1.2.840.113556.1.4.1941:=V)", where A is a link attribute and V is a value, evaluates to TRUE for an object whose DN is D if the following method EvalTransitiveFilter(A, V, D) returns TRUE, and FALSE if the method returns FALSE. If A is not a link attribute, the filter F evaluates to Undefined.

EvalTransitiveFilter(A: attribute, V: value, D: DN)

• If A is of Object(DN-String), Object(DN-Binary), Object(OR-Name), or Object(Access-Point) syntax, let V' equal the object_DN portion of V. Otherwise, let V' equal V.

• Return the value of EvalTransitiveFilterHelper(A, V', D, {})

EvalTransitiveFilterHelper(A: attribute, V': value, ToVisit: DN, Visited: SET OF DN)

• If A is of Object(DN-String), Object(DN-Binary), Object(OR-Name), or Object(Access-Point) syntax, let C be the set of the object_DN components of the values of ToVisit.A. Otherwise, let C be the set of the values of ToVisit.A. Note that C is a set of DNs.

• If V' is in C, return TRUE.

• Let Visited' equal the Visited set plus {ToVisit}.

• For each DN NextToVisit in C

  • If NextToVisit is in Visited, do nothing.

  • Let Result = EvalTransitiveFilterHelper(A, V', NextToVisit, Visited')

  • If Result is TRUE, return TRUE.

• Return FALSE.