[Date Prev][Date Next] [Chronological] [Thread] [Top]

attribute length restrictions

To: ldapbis <ietf-ldapbis@OpenLDAP.org>
Subject: attribute length restrictions
From: Norbert Klasen <norbert.klasen@daasi.de>
Date: Mon, 27 Aug 2001 18:58:26 +0200
Content-disposition: inline

Hi, it seems there is a mismatch between length restrictions for standard attribute types as specified in X.520v3 and LDAPv3:

X.520, section 5.2.2
commonName ATTRIBUTE	::=	{
	SUBTYPE OF		name
	WITH SYNTAX		DirectoryString {ub-common-name}
	ID			id-at-commonName }

X.520, annex C
ub-name			INTEGER	::=	32768
ub-common-name	INTEGER	::=	64

(Note: In X520_4thEditionDraftv5 ub-name now also is 64.)


draft-ietf-ldapbis-user-schema-00, section 3.2.2
   ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

draft-ietf-ldapbis-user-schema-00, section 3.2.38
   ( 2.5.4.3 NAME 'cn' SUP name )

This would restrict commonName in X.500 to 64 characters, while it could hold up to 32768 characters in LDAP. Same for o and ou (and sn?). Has this deviation been made deliberately?

P.S.: Personally, I would like to use the larger limits because in Germany names for academic institutions easily exceed 64 characters. However, this would probably lead to problems in maintaining an identical data set on the FLDSA and standalone LDAP servers.

--
Norbert Klasen
DAASI International GmbH                 phone: +49 7071 2970336
Wilhelmstr. 106                          fax:   +49 7071 295114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de

Follow-Ups:
- Re: attribute length restrictions
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- RE: attribute length restrictions
  - From: "Steven Legg" <steven.legg@adacel.com.au>

Prev by Date: RE: ModifyDN -- subtrees or not?
Next by Date: Re: attribute length restrictions
Index(es):
- Chronological
- Thread