
Re: attributes with no matching rules - can't delete specific values

> It is a flaw rather than an error. The behavior of the server looks
> as if it cannot match the value you're deleting. You need to delete all of
> the values and replace them with the ones you want to keep by hand (e.g.

Thanks and yes, I realise the server is behaving correctly, according to its
"flawed" schema definition. However this seems like a fairly serious flaw,
for 2 reasons:

1) In our case, the attribute values are being updated by a meta-directory
application (which works perfectly with OpenLDAP 1.2.x). The solution you
suggest, while workable, implies to me that our application may now need to
have knowledge of whether or not any given attribute has matching rules
defined, and use that knowledge to choose whether to use "replace" or
"delete/add" for updating the values of that attribute (because for example
to remove a single member from a group with 100s of members, using "delete"
makes more sense than using "replace"). With 1.2.x we simply used
"delete/add" by default for managing all attributes.

2) It is impossible to search based on values of the attributes in question.
Isn't this the fundamental purpose of LDAP?

Shouldn't the schema be updated to remove this problem? That's what I've
decided to do here anyway, for the attributes that interest us, although I'd
definitely prefer not to have to do this.

On a related topic, there are also some attributes with matching rules
defined that are not supported by the server. Specifically "postalAddress"
and "homePostalAddress". These both have "caseIgnoreListMatch" and
"caseIgnoreListSubstringsMatch", but these rules are not supported by
OpenLDAP. Once again I've decided to change our local copy of the schema
files, but would prefer if the standard files were correct.
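
The choice described in point 1 above, as an added example (not part of the original message, and not OpenLDAP code): a client reads the attribute type definitions, checks whether each attribute has an EQUALITY rule the server implements, and emits either a delete-by-value or a full replace. The attribute names `exampleMember` and `exampleNote`, their OIDs, and the `SUPPORTED` set are assumptions made for illustration.

```python
import re

# Constructed AttributeTypeDescription strings (RFC 4512 form). "exampleMember" and
# "exampleNote" are hypothetical, with placeholder OIDs; "exampleNote" has no EQUALITY rule.
SCHEMA = [
    "( 1.3.6.1.4.1.99999.1 NAME 'exampleMember' EQUALITY distinguishedNameMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
    "( 1.3.6.1.4.1.99999.2 NAME 'exampleNote' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch "
    "SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )",
]
# Assumption: rules the target server implements. caseIgnoreListMatch is left out,
# matching the report above that the server does not support it.
SUPPORTED = {"distinguishednamematch", "caseignorematch"}


def equality_rules(definitions):
    """Map each attribute name (lower-cased) to its EQUALITY rule, or None."""
    rules = {}
    for d in definitions:
        names = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", d)
        eq = re.search(r"\bEQUALITY\s+([\w.-]+)", d)
        for n in re.findall(r"[\w;-]+", names.group(1) or names.group(2)):
            rules[n.lower()] = eq.group(1) if eq else None
    return rules


def can_delete_value(attr, rules, supported=SUPPORTED):
    """True if the server can compare values of attr, so delete-by-value can match."""
    rule = rules.get(attr.lower())
    return rule is not None and rule.lower() in supported


def plan_removal(dn, attr, current, remove, rules):
    """Build an LDIF modify record that removes `remove` from attr.
    Values are assumed to be LDIF-safe strings (no base64 handling)."""
    lines = [f"dn: {dn}", "changetype: modify"]
    if can_delete_value(attr, rules):
        lines += [f"delete: {attr}"] + [f"{attr}: {v}" for v in remove]
    else:
        # Fallback: the client compares values itself (exact string match) and sends
        # the full surviving set. "replace" with no values removes the attribute.
        keep = [v for v in current if v not in remove]
        lines += [f"replace: {attr}"] + [f"{attr}: {v}" for v in keep]
    return "\n".join(lines + ["-"])
```

The replace fallback is a read-modify-write: the client must fetch the current values first, and a concurrent writer's change made between the read and the replace is overwritten.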