[Date Prev][Date Next]
Re: (ITS#4100) userCertificate vs. userCertificate;binary when deleting attribute
Kurt D. Zeilenga wrote:
> As the server certainly MUST return the attribute as
> userCertificate;binary, no schema knowledge is actually
> required to know ;binary must appear to delete it.
This is not what my OpenLDAP RE23 installation is doing even when
dn: cn=Michael [..]
userCertificate:: MIIEWzCCA [..]
Hmm, this entry is very old but was reimported through slapd from a LDIF
file which contains userCertificate. Every time I slapcat it the LDIF
output contains userCertificate. No ;binary seen in LDAP results.
> One simply echoes the attribute description as returned
> by the server.
Obviously it's not so simple.
> I note there are very few LDAP attribute value syntaxes that
> require ;binary. So even if you go the schema route, it's
> not like you have to special case endless number of
> syntaxes. IIRC, there are 4 such standard-track syntaxes.
Off-topic: Which ones?
> Of course, there could be endless locally defined syntaxes,
> but I suspect there are few... anyone with any brains
> would avoid ;binary on anything new (as suggested by
> the revised ;binary specification).
> Anyways, failing on 'userCertificate' here is, at least,
> the intended behavior.
But it still fails on userCertificate;binary with "no such attribute".
Please re-read the ITS entry I filed.