RE: [ActiveDir] Empty values in attributes

[Steve Judd]

Title: RE: [ActiveDir] Windows 2000 Professional Client (Native/Mixed mode)

From RFC 2251 (complete section quoted below) "Attributes MUST have at least one value when stored".   To releat Charles' question, why do you need to store an empty attribute?  Empty attributes are meaningless: LDAP does not have any concept of null values.  You can empty an attribute after instantiating it, if you want to.   "4.1.8. Attribute    An attribute consists of a type and one or more values of that type.    (Though attributes MUST have at least one value when stored, due to    access control restrictions the set may be empty when transferred in    protocol.  This is described in section 4.5.2, concerning the    PartialAttributeList type.)         Attribute ::= SEQUENCE {                 type    AttributeDescription,                 vals    SET OF AttributeValue }    Each attribute value is distinct in the set (no duplicates).  The    order of attribute values within the vals set is undefined and    implementation-dependent, and MUST NOT be relied upon." -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ryjouk, Valeri (Valeri) Sent: Monday, April 09, 2001 11:04 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Empty values in attributes Charles. Thank you for the input. I could not find the fact, that LDAP doesn't allow the empty values for the strings in 4.1.8 of RFC 2251. But, I do know, that both NDS and Netscape Directory Server allow to have empty values for the attributes. And in a couple of places of the RFC (particularly in the definition of the Distinguished Name syntax) there is mentioning of empty value as a valid one. Would you consider LDAP implementation by Novell and Netscape as not going with the standarts? Val. -----Original Message----- From: Charles Oppermann [mailto:[EMAIL PROTECTED]] Sent: Monday, April 09, 2001 10:22 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Empty values in attributes LDAP does not allow for empty values.  If an attribute has a value it’s stored with the entry, otherwise it is not (RFC 2251 section 4.1.8).  This would be true of any LDAP directory, including NDS and Netscape Directory Server.   More importantly, why is that important to your application?   Charles Oppermann Author, Microsoft Windows 2000 Active Directory Programming http://www.coppersoftware.com/   -----Original Message----- From: Ryjouk, Valeri (Valeri) [mailto:[EMAIL PROTECTED]] Sent: Monday, April 09, 2001 6:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Empty values in attributes   Charles. Thank you for the response. Unfortunately, this operation removes the attribute as well, i.e if I had an attribute 'x' with the value "something", the 'clear' operation would delete the attribute from the attribute list of 'x' object. What I'm looking for is the way to assign empty value, not NULL. Another words, there are three types of values for an attribute: <none>         - the attribute will not appear in the list, when you retrieve the object from LDAP; empty           - the attribute will appear in the list but will contain an empty string; "something"   - the attribute will appear in the list and will contain a string; So far, I was unsuccesfull to do the second choice :-(.   -----Original Message----- From: Charles Oppermann [mailto:[EMAIL PROTECTED]] Sent: Monday, April 09, 2001 9:46 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Empty values in attributes All LDAP directories, including Active Directory, have the concept of “clearing” an attribute.  This removes the value from the attribute.  In Visual Basic it would look like this:   x.PutEx ADS_PROPERTY_CLEAR, "otherHomePhone",  vbNull   Charles Oppermann Author, Microsoft Windows 2000 Active Directory Programming http://www.coppersoftware.com/   -----Original Message----- From: Ryjouk, Valeri (Valeri) [mailto:[EMAIL PROTECTED]] Sent: Monday, April 09, 2001 6:41 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Empty values in attributes   Does anyone knows, how to add an attribute, that has an empty value. I can do it in Novell NDS, or Netscape Directory Server, but it seems to me, that AD has some sort of restriction.