Re: Blank Attribute - further question

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 06:53 PM 10/23/2005, Daniel Henninger wrote:

>>>In reference to the previous question from August:
>>>
>>>
>>>>At 07:22 AM 8/11/2005, Ivan.Garcia@leroymerlin.es wrote:
>>>>
>>>>>adding new entry "uid=30000001,ou=people,ou=es-  
>>>>>lm,o=corp.happyparty.com"
>>>>>
>>>>>ldap_add: Invalid syntax (21)
>>>>>       additional info: mail: value #0 invalid per syntax
>>>>>
>>>>>this appears when the mail attribute is blank, but when the mail
>>>attribute
>>>
>>>>>is writted that´s all OK.
>>>>
>>>>If you example the technical specification for the LDAP syntax
>>>>of the 'mail' attribute you will find that it doesn't allow
>>>>empty values.  Hence, slapd(8)'s response.
>>>>
>>>>Kurt
>>>
>>>I am having trouble figuring out what it is about the mail attribute
>>>that indicates "can not be blank".
>>
>>See Section 9.3.3 (RFC 822 Mailbox) of RFC 1274 (also known in
>>as the 'mail' attribute in LDAP).  Note the SIZE restriction.
>>slapd(8) is coded to enforce this restriction.
>>
>>Also note that a valid RFC 882 Mailbox [RFC 2822] cannot be
>>zero-length.  If the object has no mailbox associated with it,
>>the 'mail' attribute should not be present.  Providing a
>>'mail' attribute (or any other attribute for that matter)
>>with garbage values will lead to interoperability problems.
>
>Right, but that doesn't look the same as what I'm seeing in the  
>OpenLDAP schema files.

slapd(8) uses RFC 2252 format schema descriptions.

>     rfc822Mailbox ATTRIBUTE
>         WITH ATTRIBUTE-SYNTAX
>             caseIgnoreIA5StringSyntax
>             (SIZE (1 .. ub-rfc822-mailbox))
>     ::= {pilotAttributeType 3}
>
>Just to make sure we are on the same page, I assure you that I am not  
>planning on trying to set the actual 'mail' attribute to 0 length.  I  
>simply used that as an example.  I'm actually creating an entirely  
>new custom attribute but have been unable to figure out how to make  
>it permit a 0 length string.

You need to choose a syntax which allows such.  IIRC,
there is no standardized, modern (e.g., Unicode based)
character string syntax that allows such at present.

>The SIZE restriction in the OpenLDAP  
>schema file looks like 256 max to me.  Am I reading that wrong?
>
>attributetype ( 0.9.2342.19200300.100.1.3
>        NAME ( 'mail' 'rfc822Mailbox' )
>        DESC 'RFC1274: RFC822 Mailbox'
>    EQUALITY caseIgnoreIA5Match
>    SUBSTR caseIgnoreIA5SubstringsMatch
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

Yes.  256 is not a maximum size.  It's a recommended minimum-maximum.
That is, all implementations implementing this syntax should
at least support values up to this size.  They can support larger.
slapd(8) actually ignores the min-max, as it does have hard
coded maximums.

>{256} is the SIZE, is it not?  And it looks like a maximum (as that  
>is obviously not the minimum).  But lets say I have something like this:
>
>attributetype ( 1.3.6.1.4.1.234.1.15
>        NAME 'ncsuPreferredMiddleName'
>        DESC 'Preferred middle name for display'
>        EQUALITY caseIgnoreMatch
>        SUBSTR caseIgnoreSubstringsMatch
>        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

Directory strings cannot be empty.  See RFC 2252.

>Is it possible to do something like this?

No.  See RFC 2252.