[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPprep Failure was: Re: LDAPprep: mapping of " " values

To: ietf-ldapbis@OpenLDAP.org
Subject: Re: LDAPprep Failure was: Re: LDAPprep: mapping of " " values
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 17 Nov 2004 18:55:10 +0100
In-reply-to: <419A9D28.7020407@eb2bcom.com>
References: <6.1.2.0.0.20041114173514.02e0cd80@127.0.0.1> <4199A06D.3030302@eb2bcom.com> <419A9D28.7020407@eb2bcom.com>

Let's see - attribute values that fail LDAPprep...

* cannot coexist with other values in the same attribute,

* cannot be removed by naming the value, only the entire attribute,

* cannot be (successfully) searched for or compared with,

* probably cannot be used in RDNs - the alternative would be a mess like
  they can exist in the RDN but one cannot look up the entry by its DN
  (since that involves comparing the supplied DN with the entry's DN),
  and maybe not add the entry if another entry exists with the same
  parent (since one must check if the other entry has the same name),

* can mess up a replication scheme which checks if a value is already
  present by EQUALITY-comparing the new value with the old value,

* cannot be named as individual values in access controls, if such
  controls use the EQUALITY rule to check if access is allowed,

* cannot be sorted by the ORDERING rule.

Anything else?

-- 
Hallvard

Follow-Ups:
- Re: LDAPprep Failure was: Re: LDAPprep: mapping of " " values
  - From: Rici Lake <rici@ricilake.net>

References:
- LDAPprep: mapping of " " values
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: LDAPprep: mapping of " " values
  - From: Steven Legg <steven.legg@eb2bcom.com>
- LDAPprep Failure was: Re: LDAPprep: mapping of " " values
  - From: Steven Legg <steven.legg@eb2bcom.com>

Prev by Date: Re: BIDI (was: Stringprep Considered Harmful)
Next by Date: Re: BIDI (was: Stringprep Considered Harmful)
Index(es):
- Chronological
- Thread