RE: NOT filter question

[John McMeeking <jmcmeek@us.ibm.com>]

Is this something that should be clarified in the LDAP standards?

It seems like this is an area where, arguably, we are departing from X.500.
The 1993 edition is unclear to me on this matter and the position that an
assertion about an attributetype that is not contained in the entry is
FALSE seems to be based on the X.501 and X.511 text not mentioning the
case.  Later editions appear to address this case, which seems to be a
clarification rather than a change.

Some disagreement on the correct behavior has been expressed in these notes
and past discussions I found in the archives.  There does seem to be
agreement that current practice is (cn=bob) evaluates to FALSE if there is
no cn attribute in the entry.

Should we state the correct LDAP behavior.  Perhaps add something like the
following to [protocol] 4.5.1 following the paragraph beginning "The
present match evalates to TRUE...":

"For filter elements other than present match, if no value of the specified
attribute description is present in the entry, the filter element evaluates
to FALSE."

The text about what consitutes an undefined filter element might need to be
moved up as well.

And if the concensus goes the other way (the issue doesn't seem quite
settled yet), add the corresponding note instead:

"For filter elements other than present match, if no value of the specified
attribute description is present in the entry, the filter element evaluates
to UNDEFINED."


John  McMeeking


"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote on 09/01/2004 09:37:16 PM:

> At 06:14 PM 9/1/2004, Ramsay, Ron wrote:
> >It was changed in X.500:2000.
>
> Well, since we reference X.500(1993), we can and should
> ignore the change. -- Kurt
>