[Openinteract-dev] SPOPS::LDAP bug with MAY attributes

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi *!

There has been some time since I posted this on the help list. 

The issue (which is probably a duplicate of SP-2 in Jira, which should be
reopened) is a problem SPOPS::LDAP has with LDAP attributes that do not
allow empty values.

On deleting an attribute from the SPOPS object, it is removed from the
object. 
On storing an object in a LDAP directory, SPOPS iterates over the object's
field_list 
to make up the Net::LDAP::Entry object to store in the directory.

Thus, SPOPS tries to store non-existant (and undef) attributes as empty in
the LDAP 
directory, resulting in  "value #0 invalid per syntax" error message from
openLDAP. 

I have suggested the introduction of a "ldap_require_fields" configuration
directive 
to solve this issue. Together with a second directive
"ldap_check_require_fields" it 
works like this:

- if ldap_check_require_fields is set to a true value, SPOPS::LDAP checks
the fields 
  *not* listed in ldap_require_fields, and excludes them from the LDAP
operation 
  if they are missing or undef (resp. deleting them from the LDAP directory
if they 
  existed before).

This solution does not interfere with the "skip_undef" configuration flag:
If an 
attribute is mentioned in "skip_undef", it is not removed from the LDAP
directory 
if missing or undef.

A patch against SPOPS-0.87 including a test script (which will fail if you
try it 
against a unpatched SPOPS::LDAP implementation) is attached.

Regards,

Martin Kutter