[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Different CN's for DN and CN.

To: Adam Williams <awilliam@whitemice.org>
Subject: Re: Different CN's for DN and CN.
From: Ming Deng <mingd@oeone.com>
Date: Tue, 18 Mar 2003 17:22:37 -0500
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.44.0303181606540.23105-100000@estate1.whitemice.org>
References: <Pine.LNX.4.44.0303181606540.23105-100000@estate1.whitemice.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030313

Adam Williams wrote:

Yes that's a new constraint comming with 2.1.14 and above ...(better 
respect to RFCs i supose)
RDN attribute must be exactly the same (except respect of case) as the 
attributre difined in the object. in your case you must have:

dn: cn=myname, ou=people, dc=sws, dc=oldham, dc=uk, dc=net
cn: myname
and  NOT:
cn: My Name

Does it have to be a cn attribute in this case? I seem to have built 
some DITs  with some attributes only appear
in dn.


All elements of the RDN must appear as attributes in the object.

There are lots of examples which do not follow this rule. As for this example,
# MemberGroupA, stooges
dn: ou=MemberGroupA,o=stooges
ou: MemberGroupA
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupA

Here "organizationalUnit" does not allow an attribute of "o".

Ming

Follow-Ups:
- Re: Different CN's for DN and CN.
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: Different CN's for DN and CN.
  - From: Adam Williams <awilliam@whitemice.org>

References:
- Re: Different CN's for DN and CN.
  - From: Adam Williams <awilliam@whitemice.org>

Prev by Date: RE: test of SASL DIGEST-MD5 mechanism
Next by Date: The script! (Was Re: Different CN's for DN and CN.)
Index(es):
- Chronological
- Thread