Stefan Seelmann a écrit :
Hi,
ApacheDS and also other servers accept attributes with empty values.
Here is an example entry:
--------------------------------
dn: cn=empty,dc=example,dc=com
objectClass: person
objectClass: top
cn: empty
sn: empty
description: test
description:
seeAlso: dc=example,dc=com
seeAlso:
--------------------------------
One scenario where an empty value makes sense is a reference to the
RootDSE, like in the example above. Could you give me some more
scenarios, where empty values are useful?
Any scenario where a user want to 'nullify' some value, but still get
the attributeType in the list or returned value. For instance, if you
have a weak program written on top of a ldap server, which is expecting
an attributeType, whatever is the value, then you must be able to return
this empty value.
This is a little bit tortuous, as there is nowhere in the spec where it
is explicitely said that empty values should be accepted. However, it is
said that values should respect the AttributeType syntaxes, so if these
syntaxes does not accept empty values, we are good.
The perfect exemple is seeAlso : empty DN is valid. I personnaly think
that this is a very special case (it represent the rootDSE) and should
not be accepted, but this is the way ot goes. What should we do ? I had
to modify the DN syntaxChecker to accept emptyDN, even if I don't think
this is a good idea. Was I wrong ?
LDAP Studio displays this values correctly. But it is not possible to
add such an empty value. Moreover, an empty value is deleted when adding
a second non-empty value or when editing the empty value in the search
result editor. And the LDIF editor marks a line with an empty value as
erroneous. These bugs must be fixed.
Do you mean those errors are ADS ones?
Currently the empty string cancels editing. If you add a new value and
let it empty it isn't transfered to the server. If you edit an existing
value and make it empty the operation is canceled and the old value remains.
So my question is how should LS assist the user when s/he wants to add
an empty value?
Some suggestions:
- When adding a new empty value or editing an existing value we could
prompt: "Do you really want to save the empty value?"
- A special action: "Make this value empty"
I would suggest that the LdapBrowser include the schema syntaxCheckers,
to guaranty that empty values are accepted only when allowed. It will
limit the potential problems when injecting them into the server. wdyt ?
P.S. I tested some other LDAP browsers but no one could handle empty values.
This is how LS is great ;)
Emmanuel
