Re: Printable String syntax

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 04:36 PM 12/9/2003, Steven Legg wrote:
>Kurt D. Zeilenga wrote:
>>In RFC 2252, the ASN.1 data type Printable String could
>>be empty.  This is consistent with X.680.  However,
>>ldapbis-syntaxes restricts values of this syntax to one
>>or more printable characters.  This should be corrected.
>
>As I recall, you were the one that suggested that the Printable
>String syntax should require at least one character because some
>of the attributes using this syntax are required to have at least
>one character (according to X.500). Have you changed your mind ?

Well, it was the inconsistency with the ASN.1 type that
drew my attention to this.  Not all abstract values have
LDAP-specific string representations.  So, I'm thinking
we likely need to change the ASN.1 to have a non-empty
restriction.  (Same issue likely applies to numeric string.)

However, beyond this, I'm a bit concerned that values which
cannot be prepared for matching can be stored in the directory.
In particular, I'm concerned that empty IA5 strings are allowed.

In examining a large number of the attributes of IA5 string
syntax, I could not find any in which an empty value made
sense.  For instance, an empty 'mail' address in nonsense.
In fact, I found that RFC 1274 specifically placed a size
(1..N) on values of 'mail'.  I've come across servers which
allow empty IA5 strings and servers which don't... but
more importantly I've run into applications which get
quite confused by empty values for common IA5 attributes.

So, I'm thinking we need to change IA5 String as well.

Kurt