Re: Fwd: [ldapext] modifyDN.deleteOldRDN and name forms

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 05:22 PM 6/19/2003, Jim Sermersheim wrote:
>I couldn't get a response on ldapext. Maybe people are ignoring it, or
>maybe everyone is just on a holiday.
>
>>>> "Jim Sermersheim" <jimse@novell.com> 6/18/03 2:56:34 PM >>>
>All,
>
>It appears that X.501 allows name forms to specify attributes that are
>not allowed by the object class definition that the name form is used
>for.

Not the "structural" distinction made in the following quote.

><from Name form definition> "The RDN attribute (or attributes) need
>not
>be chosen from the list of permitted attributes of the structural
>object
>class as specified in its structural or alias object class
>definition."

I take this means that the RDN may be chosen from the other
attributes which are allowed to appear in the entry, such as
those allowed (directly or indirectly) by a DIT Content Rule.

>a) Does this also apply to DITContentRules? Meaning, if an attribute
>is
>not allowed on the object class definition, or allowed by the DIT
>Content Rule, can it be specified in the name form?

No.  The naming attributes must be listed from the attributes of the
entry and those attributes must be allowed either the structural
object class of the entry or by the controlling DIT content rule.

>I can't find answers to a, b, or c, in the X.500 series.

I think the answer is primarily given in X.501.