Details
-
Bug
-
Status: Closed
-
Major - P3
-
Resolution: Fixed
-
3.4.2
-
None
-
Fully Compatible
-
ALL
-
v3.4
-
Platforms 2017-03-27
Description
RFC4511 allows LDAP searches to return empty attributes which have no values:
4.1.7. Attribute and PartialAttribute
Attributes and partial attributes consist of an attribute description
and attribute values. A PartialAttribute allows zero values, while
Attribute requires at least one value.PartialAttribute ::= SEQUENCE {
type AttributeDescription,
vals SET OF value AttributeValue }
The results of the Search operation are returned as zero or more
SearchResultEntry and/or SearchResultReference messages, followed by
a single SearchResultDone message.SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
objectName LDAPDN,
attributes PartialAttributeList }PartialAttributeList ::= SEQUENCE OF
partialAttribute PartialAttributeSearchResultReference ::= [APPLICATION 19] SEQUENCE
SIZE (1..MAX) OF uri URISearchResultDone ::= [APPLICATION 5] LDAPResult
Servers conforming to this specification do not need to return any values for a particular attribute.
libldap appears to return a NULL pointer when ldap_get_values_len is called for an attribute without values, instead of an array containing a NULL pointer. libldap more commonly returns a NULL pointer on error. However, this condition is not considered an error, so no result code is set on the LDAP session handle.
We should correctly handle this case.