That is what I see from reading and what I have done to experimint.

And I just could not let this one die.

When I look at the LDAP schema, I see the following:
( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX
1.3.6.1.4.1.1466.115.121.1.40{64512} )
( 0.9.2342.19200300.100.1.7 NAME 'ldapPhoto' SYNTAX
1.3.6.1.4.1.1466.115.121.1.40{64512} )

Now, it may not look bad at first glance, but we have the SAME OID for
two different attributes.

Clearly a failure in LDAP RFC compliance.

No mappings on the LDAP Group entry for these, they are really two
different attributes.

Photo, described here:
http://developer.novell.com/document...a/a8fgntj.html


ldapPhoto descibed here:
http://developer.novell.com/document...a/a3op8zp.html


So this is definitly broken.


On 2011-12-08 21:01:48 +0000, Wolfgang Schreiber said:

> Interesting and strange phrases in that RFC: "suggested upper minimum
> bound" ... "may allow longer strings"
>
> Imagine such rules for road speed limit signs.
>
> It is my understanding that eDirectory strictly enforces these upper
> and lower limits. So I assume, even if eDir "may allow longer strings"
> without violating the RFC, it just doesn't.
>
>
> DS_SIZED_ATTR
>
> Indicates that the attribute has an upper and lower boundary. This can
> be the length for strings or the value for integers.The first number
> indicates the lower boundary and the second, the upper boundary.
>
> Wolfgang
>
>
> On 08.12.2011 16:28, Jim Willeke wrote:
>> The value {64512} indicates the maximum size of the attribute and is an
>> optional setting.
>> In LDAPv3, the len value is a "suggested upper minimum bound", not a
>> maximum length restriction. From last paragraph of RFC 2252, 4.3.2.
>>
>> "A suggested minimum upper bound on the number of characters in value
>> with a string-based syntax, or the number of bytes in a value for all
>> other syntaxes, may be indicated by appending this bound count inside
>> of curly braces following the syntax name's OBJECT IDENTIFIER in an
>> Attribute Type Description. This bound is not part of the syntax
>> name itself. For instance, "1.3.6.4.1.1466.0{64}" suggests that
>> server implementations should allow a string to be 64 characters
>> long, although they may allow longer strings. Note that a single
>> character of the Directory String syntax may be encoded in more than
>> one byte since UTF-8 is a variable-length encoding."
>>
>> According to Novell's document schema
>> http://developer.novell.com/document.../h4q1mn1i.html
>>
>>
>>
>> "The picture file cannot exceed 64K."
>>
>> Form a "pure" LDAP perspective, the LDAP attribute with the OID
>> 0.9.2342.19200300.100.1.60 is jpegPhoto which maps to the NDS attribute
>> photo. (Or the other way around, depending ont he pserspective).
>>
>> Acording to the Informational RFC http://www.ietf.org/rfc/rfc2798.txt,
>> jpegPhoto is NOT sized.
>>
>> -jim
>>
>>
>> On 2011-12-07 06:46:01 +0000, peterkuo said:
>>
>>> jwilleke;2158923 Wrote:
>>>> On 2011-11-29 22:26:01 +0000, peterkuo said:
>>>>
>>>>> There is a finite file sized limit ...
>>>>
>>>> Not according to the schema.
>>>>
>>>> ( 0.9.2342.19200300.100.1.7 NAME 'ldapPhoto' SYNTAX
>>>> 1.3.6.1.4.1.1466.115.121.1.40{64512} )
>>>>
>>>> Shows sized at 65k.
>>>>
>>>> --
>>>>
>>>> Thank You for your help!
>>>>
>>>> -jim
>>>> Jim Willeke
>>>
>>>
>>> Perhaps I misunderstood you, but isn't "Sized at 65K" a 'finite' file
>>> size limit? <g>



--

Thank You for your help!

-jim
Jim Willeke