From: Chris R. <chr...@me...> - 2001-09-24 12:21:19
|
Raju Mathur <ra...@li...> wrote: > Hi, > > Is there a problem with writing empty attributes into an OpenLDAP 2.x > database with Net::LDAP? If any of the attributes has an empty string > as the value during an add or modify operation I get the following > messages: > > addDomain.cgi: Use of uninitialized value in length at > /usr/lib/perl5/site_perl/5.6.0/Convert/ASN1/_encode.pm line 124, > <ConfigFile> line 148. addDomain.cgi: Use of uninitialized value in > concatenation (.) at > /usr/lib/perl5/site_perl/5.6.0/Convert/ASN1/_encode.pm line 125, > <ConfigFile> line 148. > > and the add/modify itself fails with a message like: > > addDomain.cgi: Update domain XXX.com failed: LDAP_INVALID_SYNTAX: Some > part of the request contained an invalid syntax. It could be a search > with an invalid filter or a request to modify the schema and the given > schema has a bad syntax. > > Is this a bug in Convert::ASN1 or an LDAP v3 feature? If a feature, > what should the syntax of attributes which may be empty be? Very few attributes permit zero-length values. Off the top of my head, the only ones that do are ones using the DN syntax (a DN of "" represents the root of the directory) and userPassword (yes, you can have zero-length passwords :-) The server is returning the correct error iff the attribute you are setting a zero-length value for have a syntax that does not permit this. I can't find a proper description of the IA5 syntax (the one you are using) in any obvious document, but I would tend to assume that you need more than 1 character in any value. I think the error is in your use of the directory, in other words :-( although probably Net::LDAP shouldn't complain when you pass it zero-length values. (Incidentally your OID is not only fake but illegal: the first arc can only be 0, 1 or 2. You need better fakes :-) Cheers, Chris |