Attributes with Option 'Binary'

Some directory systems require special treatment for certain attributes, so that the LDAP attribute option 'binary' must be used. The reason: the attribute values or assertion values concerned must be BER (Basic Encoding Rules) encoded; otherwise the values are encoded according to the LDAP-specific encoding defined in RFC 4517 for the attribute's syntax. To signal this special handling, the LDAP server returns such attributes only with the 'binary' option.

LDAP options such as the 'binary' option are described in general in the LDAP v3 specification in RFC 4511. They are appended to the attribute name as a suffix whenever the LDAP server and client communicate with each other, for example:

userCertificate;binary

The 'binary' option in particular is described in RFC 4522. Sometimes the directory schema does not clearly mark that an attribute requires handling with the 'binary' option. In these cases you can add such an attribute to the Binary Option Attributes list in the application options under Tools - Options - LDAP Settings:

Attribute which needs the LDAP binary option


Such attributes can then be read and written without issues. Normally you will not have to do much work on this list, because most of the attributes that need the binary option are predefined here as default values.

You will know that an attribute needs to be added to this list when it appears in the attribute list panel with the string ';binary' at the end of its name:

Attribute which needs the LDAP binary option


Another symptom that tells you to add such an attribute name to the Binary Option Attributes list: a protocol error occurs when you try to write such an attribute without the 'binary' option:

Write error for attribute which needs the LDAP binary option
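
The handling described above can be reproduced in a script that talks to the same directory. The following is an added example, not LEX code: it applies a binary-option list when writing, reports attributes the server returned with ';binary' that the list lacks, and checks that such a value is one BER element. All function names and the sample list are assumptions and are not LEX's default values.

```python
# Added illustration; names and the sample list are hypothetical, not taken from LEX.
BINARY_OPTION_ATTRS = {"usercertificate", "cacertificate"}  # constructed sample list

def split_description(desc):
    """Split 'type;opt1;opt2' into (type, [options]); options compare case-insensitively."""
    base, *opts = desc.strip().split(";")
    if not base or any(not o for o in opts):
        raise ValueError(f"malformed attribute description: {desc!r}")
    return base, [o.lower() for o in opts]

def for_wire(desc, binary_attrs=BINARY_OPTION_ATTRS):
    """Name to send to the server: ';binary' is appended if the list requires it."""
    base, opts = split_description(desc)
    if base.lower() in binary_attrs and "binary" not in opts:
        opts.append("binary")
    return ";".join([base, *opts])

def missing_from_list(returned_names, binary_attrs=BINARY_OPTION_ATTRS):
    """Attributes the server returned with ';binary' that are not yet in the list."""
    missing = set()
    for name in returned_names:
        base, opts = split_description(name)
        if "binary" in opts and base.lower() not in binary_attrs:
            missing.add(base)
    return sorted(missing)

def is_single_ber_element(value):
    """True if value is exactly one BER TLV with a single-byte tag and definite length.
    Simplification: multi-byte tags and the indefinite length form are rejected."""
    if len(value) < 2 or value[0] & 0x1F == 0x1F:
        return False
    first = value[1]
    if first < 0x80:                      # short form: length fits in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(value) < 2 + n:  # indefinite form or truncated header
            return False
        header, length = 2 + n, int.from_bytes(value[2:2 + n], "big")
    return len(value) == header + length

if __name__ == "__main__":
    print(for_wire("userCertificate"))
    print(missing_from_list(["cn", "crossCertificatePair;binary"]))
    print(is_single_ber_element(bytes([0x30, 0x03, 0x02, 0x01, 0x05])))
```

A value that fails the BER check after being read with ';binary' is a sign that it was stored through the string encoding instead, which is worth investigating before the attribute is written back.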