[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldap binary attributes

To: "'mcs@netscape.com'" <mcs@netscape.com>
Subject: RE: ldap binary attributes
From: Christopher Oliva <Chris.Oliva@entrust.com>
Date: Thu, 19 Nov 1998 17:36:12 -0500
Cc: 'LDAP EXT' <ietf-ldapext@netscape.com>
Resent-date: Thu, 19 Nov 1998 14:44:07 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"jDApt2.0.it.ry9Ls"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

In that scenario, when the ldap component of the directory server has
finished decoding the PDU, it's left with a raw binary value with no
corresponding syntax (neither ldap nor ASN.1). However, when configuring the
server schema, you must specify some sort of syntax for the attribute value.
In the scenario you described, which syntax matches the raw, decoded
attribute value? If you have specified octet string as the syntax, then
should the attribute value not be wrapped in an octet string? Is there not
the chance that some directory implementations will choke on the value if
the syntax is not as expected?

Chris.

> ----------
> From: 	mcs@netscape.com[SMTP:mcs@netscape.com]
> Sent: 	Thursday, November 19, 1998 3:30 PM
> To: 	Christopher Oliva
> Cc: 	'LDAP EXT'
> Subject: 	Re: ldap binary attributes
> 
> Christopher Oliva wrote:
> > ...
> > If the ldap server is configured to expect the octet string syntax for a
> > given attribute and the values must be explicitly encoded as octet
> > string, what does the ldap C API draft require? Binary values added in
> > the ldapmod struct must be added via the mod_bvalues variant. Does this
> > (combined with paragraph 4.1.6 of rfc 2251) indicate that the
> > implementation must automatically encode such a binary value as an octet
> > string? Or does the user do it with ber_printf? And what is the server
> > expected to do with these values when decoding and when encoding for a
> > response to the client (i.e. will the value returned by the server need
> > to be decoded by the client using ber_scanf to remove the octet string
> > header)?
> 
> My interpretation is that AttributeValues are always passed as Octet
> Strings within LDAP itself.  The LDAP C API just takes whatever value is
> provided, wraps it in an Octet String as required by the protocol, and
> ships it off to the server.  When decoding, the Octet String wrapper is
> essentially removed by the API implementation.  I don't think users of
> the API have to worry about this at all.
> 
> -- 
> Mark Smith
> Directory Architect / Netscape Communications Corp.
> My words are my own, not my employer's.  Got LDAP?
>

Prev by Date: RE: http-digest authentication comments...
Next by Date: RE: Status of LDIF and Changelog?
Index(es):
- Chronological
- Thread