
Re: Protocol: Add, ModDN, and RDN attrs



Jim Sermersheim wrote:

The problem is one of consistency and proper alignment with X.500. I was asked by a directory developer whether the attributes of an RDN MUST also be named in the attribute list during an add. My reply was that according to the protocol document and RFC 2251, yes. Then I was asked how the same scenario works with Modify DN. My reply was that there was no guidance. This prompted me to look at the X.500 specifications, and I found the discrepancy.

OK; that makes sense. We should certainly specify how things work with Modify DN as well as Add.



You're right, the language in RFC 2251 is clear, but it is the opposite of that in X.511. Aside from possibly making some server implementations overly restrictive, what justification is there to leave the language as it is? I can't think of a reason as to why it would have been added without an explanation as to why it is different from the instructions in X.511. If we decide to leave the imperative for compatibility with older implementations, we need to explain why it is there.

Fair enough. I can only speculate on why the language was included. Possible reasons:


1) Accidental (someone wanted to be consistent with X.511 but got it wrong). I think this is an unlikely reason.

2) Intentional. Perhaps someone thought LDAP server implementations would be simpler if distinguished values were included.

It seems likely that some server implementations rely on clients including distinguished values. But I am not sure. The Netscape implementation I used to work on was "enhanced" at some point in the somewhat distant past to be liberal in what it accepts and handle clients that include or omit such values.

-Mark
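
Added example, not part of the original message and not code from any server mentioned in the thread: a sketch of the two behaviours discussed for Add, where a strict server rejects a request whose attribute list omits the distinguished values and a liberal one accepts either form and fills them in. The function names, the dictionary request shape and the sample DN are assumptions made for illustration.

```python
import re

def parse_first_rdn(dn):
    """Return [(type, value), ...] for the leftmost RDN of a string DN.
    Handles backslash escapes and multi-valued RDNs ('+'); simplified:
    hex-pair escapes and '#'-encoded values are not decoded."""
    avas, buf, i = [], [], 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):  # keep escaped pair intact for now
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if c in "+,":                      # end of one type=value pair
            avas.append("".join(buf))
            buf = []
            if c == ",":                   # end of the first RDN
                break
        else:
            buf.append(c)
        i += 1
    else:
        avas.append("".join(buf))          # DN was a single RDN
    pairs = []
    for ava in avas:
        atype, sep, value = ava.partition("=")
        if not sep or not atype.strip():
            raise ValueError("malformed RDN component: %r" % ava)
        pairs.append((atype.strip(), re.sub(r"\\(.)", r"\1", value)))
    return pairs

def check_add(dn, attrs, strict=False):
    """Hypothetical helper. strict=True rejects an Add whose attribute list
    omits a distinguished value; strict=False accepts both forms and fills
    in what was omitted. Case-insensitive comparison is an assumption; a
    real server applies each attribute's equality matching rule."""
    out = {k.lower(): list(v) for k, v in attrs.items()}
    for atype, value in parse_first_rdn(dn):
        values = out.setdefault(atype.lower(), [])
        if any(v.lower() == value.lower() for v in values):
            continue
        if strict:
            raise ValueError("distinguished value %s=%s not listed" % (atype, value))
        values.append(value)
    return out

# Constructed sample Add request (not from the thread)
SAMPLE_DN = "cn=Jane Doe,ou=People,dc=example,dc=com"
SAMPLE_ATTRS = {"objectClass": ["person"], "sn": ["Doe"]}
```

The same completion step would apply to the new RDN in a Modify DN, which is the case the thread notes has no guidance.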