[SCM] Samba Shared Repository - branch master updated - 6e4cc12604f6bcf53961326d497f118dfe5da139

Michael Ströder michael at stroeder.com
Fri Dec 12 14:14:22 GMT 2008

simo wrote:
> On Fri, 2008-12-12 at 23:04 +1100, Andrew Bartlett wrote:
>> The OpenLDAP backend does not like zero-length strings, and I'm
>> presuming it's your new tests. 
> I think this is a very old controversial behavior of OpenLDAP, it would
> be nice to know why it doesn't.

As said in another posting: It's a matter of the LDAP syntaxes. Most
LDAP syntaxes don't allow empty strings as attribute values (IIRC it's
allowed for IA5String). OpenLDAP is more strict enforcing the specific
constraints of various LDAP syntaxes than other LDAP server implementations.

>> I'm wondering if you have any ideas how we can correctly store these ""
>> userParameters.  Should we instead not store the parameter?
> In theory a zero length string is a perfectly valid value,

Think about it: E.g. if the LDAP syntax is "Integer" which value should
an empty string indicate? Should the LDAP server automagically normalize
the empty string to the number zero? Or should an empty string indicate
an absent attribute value to be completely ignored. I'm sure this would
lead to various issues.

This is a little bit like None!='' in Python.

> although not possible to express in an ldif,

Certainly you can express an empty string in LDIF. Otherwise you
couldn't address the rootDSE with LDIF. If a LDIF parser cannot handle
that it's broken.

> does AD allow to set a zero length string ?

This cannot be generally answered for all LDAP syntaxes (see above).

Ciao, Michael.

More information about the samba-technical mailing list