[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: "Replacing" an attribute's value with "nothing"

On Mon, 1 Apr 2002, Mudry, Robert (N-aerotek) wrote:

> >>I think what can many times be forgotten is, there is a big difference
> >>between what a standards body determines to be the right way of doings
> >>thing, and what is truly practical from an implementation standpoint for
> >>mere mortals like myself who are trying to get some simple functionality
> out
> >>of a system which, lightweight or not, is still pretty darn complex.
> >
> >There are alot of "mere mortals" trying to use powerful tools which they
> >do not properly understand.
> Well, perhaps you would like to explain to me what I don't understand? My
> impression is that LDAP is a protocol for accessing a directory service, and
> a directory service is a database which contains information about people
> and things in a read-optimized fashion. My webserver uses LDAP to manage its
> users, and I use this existing LDAP directory to store additional
> information about my users that is meaning to my application and my user
> base. Where is the misunderstanding?

Since we're throwing the word "database" around, think normalization.
What, exactly, are the distinct meanings, in your data model, for
"attribute not present", "attribute has no value", and "attribute has
zero-length value"?  And how do they relate to the meaning of the
attribute when it has a non-zero-length value?  If I had invented such a
thing, I'd strongly suspect that I was trying to smush two distinct data
into a single field, which is frowned upon in database design for good
reasons.  I'd probably split the field/column/whatever into at least two.

> So what problem was LDAP 'designed' to solve that I'm just not getting? I
> always thought it was to allow many independent applications to access and
> maintain information on certain entities, such as people, across one or more
> organizations. What does the exact nature of the data have to do with
> anything?

LDAP was designed to allow expression of the more popular parts of the
X.500-series recommendations without requiring people to touch the icky
nether regions of the OSI stack.  What you should be asking, though, is
what X.500 was designed for.

Open a telephone book.  Look at the entries.  There are names and phone
numbers, and some (but not all) entries have addresses, and some
subscribers are not listed (at least, not in your view of the directory),
and some entries have advertising copy while others do not.  That's
the data model from which X.500 grew, and it has nothing in it which can
express "this subscriber has an address but it has no value".  Either
there's an address, or there's not an address.

> I don't think any sort of "rethinking" is going to solve the problem that if
> I can't use a null as a valid value in an attribute, that I'm going to need
> to do a delete of that attribute if no value is appropriate. Heck, I already
> rewrote the offending routines; I'm now trying to understand what the real
> issue is here, and what the exact nature of my ignorance is on this matter.

The issue is that if "not present" and "no value" are distinct, your data
model probably needs refinement.  I for one am having trouble thinking of
any way to assign distinct meanings to these two states.

You're going to have roughly the same code anyway:  ldap_modify()
specifying LDAP_MOD_REPLACE with a null value (whatever that is) vs.
ldap_modify() specifying LDAP_MOD_DELETE and no list of values at all.

Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".