I can think of lots of reasons why LDAP shouldn't allow null values. In relational databases, even experts consider nulls a nasty problem:
Null can be used to represent both missing and inapplicable values, what you really care about & know might be more accurately represented by "distinguished nulls", equality and ordering rules for nulls are bizarre but necessary, what do you do with unknown values when you operate on them, etc.
In sum, three-valued logic can be confusing. "No free lunch."
From: Mudry, Robert (N-aerotek) [mailto:email@example.com]
Sent: Monday, April 01, 2002 2:26 PM
Subject: RE: "Replacing" an attribute's value with "nothing"
I think what can many times be forgotten is, there is a big difference
between what a standards body determines to be the right way of doings
thing, and what is truly practical from an implementation standpoint for
mere mortals like myself who are trying to get some simple functionality out
of a system which, lightweight or not, is still pretty darn complex.
For example, why can't I assign a value of null to an attribute? You can
vary the behavior of attributes in other ways (multivalue, case insensitive
string, etc.) but not "can be null"? It's not as if this is an unusual
concept in databases. But for LDAP, this is not allowed? Instead, I now need
to write quite a bit of extra code and perform several different operations,
put additional load on the server, and add unnecessary complexity to my
Are the people who determined that you can't have a null attribute value the
same ones who decided that "favouriteDrink" (UK spelling and all) is a
necessary attribute in the cosine schema?
I greatly appreciate all the hard work that has gone into the OpenLDAP
project. But I sometimes wish that LDAP itself was a little narrower in
scope, a little less complex, and a little more understanding. Is it only
me, or do all these standards bodies way overcomplicate the problems they
are trying to solve?
-Robert, who still thinks "groupOfUniqueNames" should have "uniqueMember" as
a "MAY" attribute...
> -----Original Message-----
> From: Michael Ströder [SMTP:firstname.lastname@example.org]
> Sent: Saturday, March 30, 2002 4:50 AM
> To: Mudry, Robert (N-aerotek)
> Cc: 'openldap-software@OpenLDAP.org'
> Subject: Re: "Replacing" an attribute's value with "nothing"
> Mudry, Robert (N-aerotek) wrote:
> > Is there a way I can set an attribute in my schema to allow me to
> > its value with ""? (That's nothing) Most of our code was designed for
> > Netscape Directory Server, which allows replace operations of "". But
> > OpenLDAP has been complaining:
> > Return code: 21 Message: LDAP_INVALID_SYNTAX
> Which is exactly the right response code since your attempt to add an
> attribute value violates the X.500 data model.
> To all the folks implementing workarounds or complaining about OpenLDAP
> doing something wrong because it works on Netscape DS:
> I'd suggest you read and understand the LDAP standard and implement
> compliant LDAP applications. This means applications have to deal with
> non-existent attributes as being non-existent. Otherwise your sick
> applications will not be vendor-independent.
> Ciao, Michael.