RE: zero-len RDNs
Jim,
Considering only cn=, X.520(1993) defines DirectoryString as
    DirectoryString { INTEGER:maxSize } ::= CHOICE {
        teletexString    TeletexString (SIZE(1..maxSize)),
        printableString  PrintableString (SIZE(1..maxSize)),
        universalString  UniversalString (SIZE(1..maxSize)) }
The definition has changed over time but I doubt that the constraints have
been dropped. Therefore, a commonName value must have at least one character
(of the character set).
Ron.
-----Original Message-----
From: Jim Sermersheim [mailto:JIMSE@novell.com]
Sent: Thursday, 21 September 2000 3:39
To: ietf-ldapext@netscape.com
Subject: zero-len RDNs
Hey all.
Recently I've encountered a problem where someone was able to add an entry
with a zero length RDN, and then was not able to read the entry back. For
example, this entry was created:
dn: cn=,o=bar
I'm trying to resolve which half of the problem is the real problem
(allowing such an addition, or not being able to resolve the name) and have
concluded that both X.501 and RFC 2253 allow you to create an entry with a
zero length RDN.
Can anyone verify or dismiss this? It doesn't feel right, but I can't find
anywhere in the specs that disallow it.
Thanks.
Jim
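
An added example, not part of the original messages or of any server's code: an add-time check that splits an RFC 2253 style DN string and reports attribute-value pairs whose value has zero length, as in cn=,o=bar above. It goes beyond cn and flags every attribute type, which assumes each one uses a syntax with a SIZE(1..maxSize) lower bound like the DirectoryString quoted above. It handles backslash escapes and multi-valued RDNs only (quoted and #hex values are out of scope), and the function names are hypothetical.

```python
def split_unescaped(s, seps):
    """Split s on any character in seps that is not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(s):
        ch = s[i]
        if ch == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch in seps:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def empty_value_avas(dn):
    """Return the attribute types in dn whose value has zero length."""
    bad = []
    # RFC 2253 separates RDNs with ',' (and accepts ';' for LDAPv2 input);
    # '+' joins the attribute-value pairs of a multi-valued RDN.
    for rdn in split_unescaped(dn, ",;"):
        for ava in split_unescaped(rdn, "+"):
            attr, eq, value = ava.partition("=")
            if not eq:
                raise ValueError(f"malformed AVA (no '='): {ava!r}")
            # Assumption: unescaped surrounding spaces are padding, not value.
            # An escaped space ("\ ") survives strip() and counts as a character.
            if value.strip(" ") == "":
                bad.append(attr.strip(" "))
    return bad


def check_add(dn):
    """Reject an add request whose DN has an empty attribute value."""
    bad = empty_value_avas(dn)
    if bad:
        raise ValueError(f"zero-length value for {bad} in DN {dn!r}")
    return True


if __name__ == "__main__":
    # Constructed sample DNs; the first is the one from the thread.
    for dn in ["cn=,o=bar", "cn=foo,o=bar", "cn=a\\,b,o=bar", "cn=foo+sn=,o=bar"]:
        print(dn, "->", empty_value_avas(dn))
```

Running the same check on both the add path and the name-resolution path keeps the two from disagreeing about whether such an entry can exist.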