[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Significance of name forms.

To: Michael Ströder <michael@stroeder.com>, openldap-technical@openldap.org
Subject: Re: Significance of name forms.
From: Howard Chu <hyc@symas.com>
Date: Thu, 30 Apr 2015 17:32:13 +0100
In-reply-to: <55424261.6000004@stroeder.com>
References: <5541D66C.2010704@gmail.com> <554213E9.9030406@symas.com> <55422606.40002@stroeder.com> <55422F1E.7020506@symas.com> <55424261.6000004@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 SeaMonkey/2.37a1

Michael Ströder wrote:

Howard Chu wrote:

Michael Ströder wrote:

On 2015-04-30 13:37, Howard Chu wrote:

No. Name forms are only used when a DIT Structure Rule references them.


Are you sure? If yes, then please point out what's missing herein:


PS: you should read X.501(1993) for the exact text, since LDAP must
conform to
that spec. Section 12.6.

http://www.itu.int/rec/T-REC-X.501/en


Hmm...

In X.501(1993) and X.501(2010) it is simply assumed that there are
*always* DIT structure rules.

 From X.501(1993) section 12.6.5 and X.501(2010) section 13.7.5:
"Each object and alias entry is governed by a single DIT structure rule"

But there's no text dealing with the LDAP implementation without
governing structure rule of an entry.

Name Forms are a component of DIT Structure Rules. If you don't use DITStructure Rules, then you don't have name forms either.

http://www.stroeder.com/img/LDAP_Schema_References.png


Also after re-reading X.501 it seems the diagram is correct.

This statement in my former posting is obviously corrent:

"You cannot use DIT Structure Rules without associated Name Forms."

Because connecting the governing with the superior structural rule
cannot be done without name forms.

The governing structure rule might limit the set of possible structural
object classes in a part of a DIT but if absent or not applicable you
can still limit to possible name form(s) for a chosen structural object
class.


No, if there are no DIT structure rules then there are no constraints
whatsoever on the naming or placement of entries.


I did not find any text in X.501 or RFC 4512 which clearly says that.
Especially RFC 4512 makes DIT structure rules optional. Maybe I'm
missing something though.


12.6.2

A name form is only a primitive element of the full specificationrequired to constrain the form of the DIT to thatrequired by the administrative and naming authorities that determine thenaming policies of a given region of the DIT.The remaining aspects of the specification of DIT structure arediscussed in 12.6.5.


12.6.5 defines DIT Structure Rules.


I also vaguely remember having seen RFCs or I-Ds specifying name forms
without DIT structure rules. Which of course also is not a sufficient
proof that name forms apply without DIT structure rules though.

Please don't get me wrong. I just want to clarify this. Because the
truly optional use of DIT structure rules and name forms is a difficult
and maybe under-defined topic.

It is completely defined. Name Forms have no meaning on their own. Theyonly have any significance when used in a DIT Structure Rule.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Significance of name forms.
  - From: Michael Ströder <michael@stroeder.com>

References:
- Significance of name forms.
  - From: dE <de.techno@gmail.com>
- Re: Significance of name forms.
  - From: Howard Chu <hyc@symas.com>
- Re: Significance of name forms.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Significance of name forms.
  - From: Howard Chu <hyc@symas.com>
- Re: Significance of name forms.
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: getent passwd only catch local user passwd
Next by Date: Re: getent passwd only catch local user passwd
Index(es):
- Chronological
- Thread