You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Torgeir Veimo <to...@pobox.com> on 2008/05/02 07:46:53 UTC
import of empty attributes fails
I'm using apache ds 1.5.2 on osx / jdk 1.6.
I get an error like
#!RESULT ERROR
#!CONNECTION ldap://localhost:10389
#!DATE 2008-05-02T15:39:14.166
#!ERROR [LDAP: error code 21 - failed to add entry
uid=s9817798,ou=people,dc=bi,dc=org: Attribute value '' for attribute
'epdprofemailaddress' is syntactically incorrect]
dn: uid=s9817798,ou=people,dc=bi,dc=org
[...]
epdprofcompanyname: Nopal AS
epdprofemailaddress:
epdproffieldofemployment: Salg
[...]
epdprofemailaddress is in the schema as
dn: m-oid=1.3.6.1.4.1.8219.2.155, ou=attributeTypes, cn=netenviron,
ou=schema
objectclass: metaAttributeType
objectclass: metaTop
objectclass: top
m-oid: 1.3.6.1.4.1.8219.2.155
m-name: epdprofemailaddress
m-equality: caseIgnoreMatch
m-syntax: 1.3.6.1.4.1.1466.115.121.1.15
Shouldn't this allow the attribute to be present, but empty?
--
Torgeir Veimo
torgeir@netenviron.com
Re: import of empty attributes fails
Posted by Emmanuel Lecharny <el...@apache.org>.
Torgeir Veimo wrote:
>
> On 2 May 2008, at 16:51, Stefan Seelmann wrote:
>
>> One more comment: the attribute mail uses syntax
>> 1.3.6.1.4.1.1466.115.121.1.26 (IA5 String), this syntax allows an empty
>> string. Perhaps you could try to use this syntax?
>
>
> Hmm, according to this website, that type doesn't allow accented
> characters, eg æøå.
>
> http://www.zytrax.com/books/ldap/apa/types.html#strings
>
> Isn't there a string type that accepts utf-8 but also accepts empty
> strings? Or is it the compare syntax that defines if an empty string
> is allowed?
The only way to store empty attributes containing DirectoryString values
is to use the OctetString syntax.
RFC 4511 specifically says that "Clients MUST only send attribute values
in a request that are valid according to the syntax defined for the
attributes.". So if you have a null value, it's simply an invalid value
if it is used into an attribute which contains DirectoryString.
Seems that the client you are using is not aware of this limitation ...
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
Re: import of empty attributes fails
Posted by Torgeir Veimo <to...@pobox.com>.
On 2 May 2008, at 16:51, Stefan Seelmann wrote:
> One more comment: the attribute mail uses syntax
> 1.3.6.1.4.1.1466.115.121.1.26 (IA5 String), this syntax allows an
> empty
> string. Perhaps you could try to use this syntax?
Hmm, according to this website, that type doesn't allow accented
characters, eg æøå.
http://www.zytrax.com/books/ldap/apa/types.html#strings
Isn't there a string type that accepts utf-8 but also accepts empty
strings? Or is it the compare syntax that defines if an empty string
is allowed?
--
Torgeir Veimo
torgeir@netenviron.com
Re: import of empty attributes fails
Posted by Stefan Seelmann <se...@apache.org>.
One more comment: the attribute mail uses syntax
1.3.6.1.4.1.1466.115.121.1.26 (IA5 String), this syntax allows an empty
string. Perhaps you could try to use this syntax?
Kind Regards,
Stefan
Stefan Seelmann schrieb:
> Hi Torgeir,
>
> Syntax 1.3.6.1.4.1.1466.115.121.1.15 is 'Directory String', and
> according to RFC 4517 an empty string is not allowed for 'Directory String'.
>
> See http://tools.ietf.org/html/rfc4517, section 3.3.6:
> -------------------------------------------------------
> 3.3.6. Directory String
>
> A value of the Directory String syntax is a string of one or more
> arbitrary characters from the Universal Character Set (UCS) [UCS]. A
> zero-length character string is not permitted. ...
>
> -------------------------------------------------------
>
> Greetings from Munich,
> Stefan Seelmann
>
>
>
> Torgeir Veimo schrieb:
>> I'm using apache ds 1.5.2 on osx / jdk 1.6.
>>
>> I get an error like
>>
>> #!RESULT ERROR
>> #!CONNECTION ldap://localhost:10389
>> #!DATE 2008-05-02T15:39:14.166
>> #!ERROR [LDAP: error code 21 - failed to add entry
>> uid=s9817798,ou=people,dc=bi,dc=org: Attribute value '' for attribute
>> 'epdprofemailaddress' is syntactically incorrect]
>> dn: uid=s9817798,ou=people,dc=bi,dc=org
>> [...]
>> epdprofcompanyname: Nopal AS
>> epdprofemailaddress:
>> epdproffieldofemployment: Salg
>> [...]
>>
>> epdprofemailaddress is in the schema as
>>
>> dn: m-oid=1.3.6.1.4.1.8219.2.155, ou=attributeTypes, cn=netenviron,
>> ou=schema
>> objectclass: metaAttributeType
>> objectclass: metaTop
>> objectclass: top
>> m-oid: 1.3.6.1.4.1.8219.2.155
>> m-name: epdprofemailaddress
>> m-equality: caseIgnoreMatch
>> m-syntax: 1.3.6.1.4.1.1466.115.121.1.15
>>
>> Shouldn't this allow the attribute to be present, but empty?
>>
>
Re: import of empty attributes fails
Posted by Stefan Seelmann <se...@apache.org>.
Hi Torgeir,
Syntax 1.3.6.1.4.1.1466.115.121.1.15 is 'Directory String', and
according to RFC 4517 an empty string is not allowed for 'Directory String'.
See http://tools.ietf.org/html/rfc4517, section 3.3.6:
-------------------------------------------------------
3.3.6. Directory String
A value of the Directory String syntax is a string of one or more
arbitrary characters from the Universal Character Set (UCS) [UCS]. A
zero-length character string is not permitted. ...
-------------------------------------------------------
Greetings from Munich,
Stefan Seelmann
Torgeir Veimo schrieb:
> I'm using apache ds 1.5.2 on osx / jdk 1.6.
>
> I get an error like
>
> #!RESULT ERROR
> #!CONNECTION ldap://localhost:10389
> #!DATE 2008-05-02T15:39:14.166
> #!ERROR [LDAP: error code 21 - failed to add entry
> uid=s9817798,ou=people,dc=bi,dc=org: Attribute value '' for attribute
> 'epdprofemailaddress' is syntactically incorrect]
> dn: uid=s9817798,ou=people,dc=bi,dc=org
> [...]
> epdprofcompanyname: Nopal AS
> epdprofemailaddress:
> epdproffieldofemployment: Salg
> [...]
>
> epdprofemailaddress is in the schema as
>
> dn: m-oid=1.3.6.1.4.1.8219.2.155, ou=attributeTypes, cn=netenviron,
> ou=schema
> objectclass: metaAttributeType
> objectclass: metaTop
> objectclass: top
> m-oid: 1.3.6.1.4.1.8219.2.155
> m-name: epdprofemailaddress
> m-equality: caseIgnoreMatch
> m-syntax: 1.3.6.1.4.1.1466.115.121.1.15
>
> Shouldn't this allow the attribute to be present, but empty?
>