Howard Chu wrote:
Michael Ströder wrote:I did not find any text in X.501 or RFC 4512 which clearly says that. Especially RFC 4512 makes DIT structure rules optional. Maybe I'm missing something though.12.6.2 A name form is only a primitive element of the full specification required to constrain the form of the DIT to that required by the administrative and naming authorities that determine the naming policies of a given region of the DIT. The remaining aspects of the specification of DIT structure are discussed in 12.6.5. 12.6.5 defines DIT Structure Rules.
I already read this text carefully and I do see that there is some justification for your interpretation. But still I'm not 100% convinced because the X.501 text is written under the assumption that there is always a governing structure rule (besides one corner-case clarified in X.501(2010)).
And it seems I'm not the only one who interpreted it differently: https://lists.forgerock.org/pipermail/opendj/2015-April/004508.htmlI don't claim to know *the* right interpretation. I'd vote to ask other vendors. I'd happily correct this in web2ldap if needed.
Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature