
Re: homePostalAddress attribute



> Today at 6:07pm, Tony Earnshaw wrote:
>
>> Mon, 2002-11-18 at 16:35, Frank Swasey wrote:
>>
>> > > AFAIK the absence of EQUALITY does not allow to delete a specific
>> value, since no matching applies, that is to delete a value you
>> need to delete all and re-add the ones you wanted to preserve.
>>
>> > True, which also means that you can't do it with PHP's LDAP support.
>> Not that that is necessarily bad, in the opinion of a PERL hack :-)
>>
>> PHP 4.2.3 is *not* capable of this. Even John Hallam's de facto top
>> PHP4 utility isn't. .Shoot. Because I have to do it with PHP and am in
>> the process of working up to it with my own code.
>>
>> On the other hand, GQ 0.7.0beta2 can.
>>
>> So it's *not* universally true, but I wish that PHP4 could do it.
>
> True, Perl's Net::LDAP module can do it too.  The difference is that the
> PHP form of deleting a value issues something like the following syntax:
>
> dn: netid=fcs,ou=People,dc=uvm,dc=edu
> changetype: modify
> delete: stupidattribute
> stupidattribute: current value
> -
>
> While GQ and Perl seem to be doing:
>
> dn: netid=fcs,ou=People,dc=uvm,dc=edu
> changetype: modify
> delete: stupidattribute
> -

It is a matter of how clients implement what appears to be the same
operation for single valued attributes in two ways that are perfectly
legal from the protocol's point of view; however, the two operations
are radically different.  The server is perfectly able to accomplish
both, but in the first case it requires an equality rule.  If the
attribute provides none, then a) the attribute is poorly designed,
b) the operation is poorly designed for that attribute.

>
> The difference between those two forms causes PHP to be UNABLE to delete
> any attribute which doesn't have an EQUALITY clause, or has one that
> OpenLDAP doesn't support.

In this case it is NOT OpenLDAP's fault.  The definition of jpegPhoto
has no equality rule; it is not OpenLDAP's fault.  If you hack it
by adding some binary equality rule of your choice, it will work, but
then YOU will be violating the jpegPhoto schema definition, and
your directory would be on its own.

>
> While the PHP version is actually better (in the long run) because it
> will not delete a value other than the one intended, OpenLDAP is unable
> to support that because it has both attributes that do not have EQUALITY
> checks defined and also has schema files that define attributes with
> EQUALITY checks that it (openldap) doesn't implement.

I insist: it is not OpenLDAP's fault.  You can define your "myJpegPhoto"
with an equality rule of your choice and be able to add/delete/modify
any values.

Please do not blame innocent software for poorly designed schemas.

Pierangelo.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
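
The two delete forms discussed in this thread, as an added example that is not part of the original message and is not OpenLDAP's code: a small Python model of the server-side check, showing why deleting a specific value needs an EQUALITY rule while deleting the whole attribute does not. The schema table, function names and sample values are constructed assumptions; 16 and 18 are the LDAP result codes noSuchAttribute and inappropriateMatching.

```python
# Added illustration: a toy model of how an LDAP server handles the two
# "modify/delete" forms. Not OpenLDAP code; the schema below is constructed.

SUCCESS = 0
NO_SUCH_ATTRIBUTE = 16
INAPPROPRIATE_MATCHING = 18  # LDAP result code inappropriateMatching

# Constructed schema: attribute -> equality function, or None when the
# attribute type defines no EQUALITY matching rule (as with jpegPhoto).
SCHEMA = {
    "mail": lambda a, b: a.lower() == b.lower(),  # stand-in for a case-ignore rule
    "jpegPhoto": None,
}

def modify_delete(entry, attr, values=None):
    """Apply 'delete: attr' to entry (a dict of lists); return a result code."""
    if attr not in entry:
        return NO_SUCH_ATTRIBUTE
    if not values:
        # Second form in the thread (GQ, Net::LDAP): no values listed, so the
        # whole attribute is removed and no matching is needed.
        del entry[attr]
        return SUCCESS
    # First form in the thread (PHP): specific values listed, so the server
    # must compare them with the stored values, which needs an EQUALITY rule.
    eq = SCHEMA.get(attr)
    if eq is None:
        return INAPPROPRIATE_MATCHING
    remaining = list(entry[attr])
    for v in values:
        hit = next((s for s in remaining if eq(s, v)), None)
        if hit is None:
            return NO_SUCH_ATTRIBUTE  # entry is left untouched
        remaining.remove(hit)
    if remaining:
        entry[attr] = remaining
    else:
        del entry[attr]
    return SUCCESS

def delete_one_without_equality(entry, attr, keep):
    """Workaround from the thread: delete all values, re-add the ones to keep."""
    rc = modify_delete(entry, attr)
    if rc == SUCCESS and keep:
        entry[attr] = list(keep)
    return rc
```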