On Fri, 2013-01-11 at 14:19 -0800, Nathan Kinder wrote: Th patch itself looks fine. It looks like its doing what is advertised. I have a question, though, about the effects of this patch. Prior to this patch, if DS syntax checking were turned off, then a number of attributes could be stored in the TPS data records with a value of "". Now, when these records are accessed - either for processing or display in the UI, the values are usually returned with various function calls that ultimately call something like: char *get_cert_attr_byname(LDAPMessage *entry, const char *name) This would return "" for an empty attribute, but presumably would return NULL now that the attribute does not exist in the record. Have you looked at all the places where these parameters are queried, and made sure that we handle the NULL return correctly? Ade