[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Can LDAP attribute values be null?
OpenLDAP 1.x doesn't support attributes with null values.
>I didn't find any mention of null attribute values in the LDAP standard,
>either for or against.
No values or an empty value. Two different things.
No values:
However, the key is in the ASN.1:
AddRequest ::=
[APPLICATION 8] SEQUENCE {
entry LDAPDN,
attrs SEQUENCE OF SEQUENCE {
type AttributeType,
values SET OF AttributeValue
}
}
SET OF implies "an unordered collection of zero or more occurrences
of a given type" (RSAlabs, Layman's guide to ASN.1, BER, DER,
ftp://ftp.rsasecurity.com/pub/pkcs/ascii/layman.asc). Hence,
the protocol (v2 & v3) clearly allows adding types without any
values.
Empty values:
AttributeValue ::= OCTET STRING
There is no restriction on the length of OCTET STRING.
>Is the behaviour of openLDAP correct?
No, but it is consistent with other LDAPv2-only implementations
(well, any derived from U-Mich LDAP 3.3).
> better than other alternatives?
Yes, a behavior that is liberal in what it accepts. 2.0, when
released, should support attributes without values and attributes
with values which are empty.
Kurt
----
Kurt D. Zeilenga <kurt@boolean.net>
Net Boolean Incorporated <http://www.boolean.net/>