Re: How to limit the attribute length?

[David Olivier <David.Olivier@univ-lyon2.fr>]

--Le jeudi 12 juillet 2001 18:44 +0800 purewang@cht.com.tw écrivait:

> I try to limit the attribute length in OpenLDAP-2.0.11, ex,
>
> attributetype ( 2.16.840.1.113730.3.1.4
>         NAME 'employeeType'
>         DESC 'RFC2798: type of employment for a person'
>         EQUALITY caseIgnoreMatch
>         SUBSTR caseIgnoreSubstringsMatch
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{5} )
>
> From the SYNTAX on the above definition, I let the maximal length of this
> attribute is 5, however, I still can insert a  entry with this attribute
> that its string length is greater than 5. Could anyone give me some idea?
> ps: I also setup the  "schemacheck on"...
> Thank You very much!!
>
> --------------------------------------------------------
> Shih-Chang Wang

As I understand RFC 2252, the {5} you specified tells the server that it 
should be prepared to store at least 5 characters. It doesn't mean the 
server should limit the length to 5, but that it should not limit the 
length to less than 5.

I don't know of a way to set a maximal length.

RFC 2252:

> 4.3.2. Syntax Object Identifiers
> ...
>    A suggested minimum upper bound on the number of characters in value
>    with a string-based syntax, or the number of bytes in a value for all
>    other syntaxes, may be indicated by appending this bound count inside
>    of curly braces following the syntax name's OBJECT IDENTIFIER in an
>    Attribute Type Description.  This bound is not part of the syntax
>    name itself.  For instance, "1.3.6.4.1.1466.0{64}" suggests that
>    server implementations should allow a string to be 64 characters
>    long, although they may allow longer strings.  Note that a single
>    character of the Directory String syntax may be encoded in more than
>    one byte since UTF-8 is a variable-length encoding.

---
David Olivier
Klebs gardien Alpages CRI courrier brebis Lyon 2 Lumière