[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fwd: [ldapext] modifyDN.deleteOldRDN and name forms

To: "Jim Sermersheim" <jimse@novell.com>
Subject: Re: Fwd: [ldapext] modifyDN.deleteOldRDN and name forms
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 19 Jun 2003 21:48:51 -0700
Cc: <ietf-ldapbis@OpenLDAP.org>
In-reply-to: <sef23aae.028@prv-mail20.provo.novell.com>

At 09:34 PM 6/19/2003, Jim Sermersheim wrote:
>I still can't find language that says (effectively) that "the attributes
>of an RDN must be chosen from the set of allowable attributes for an
>entry". Is there such language?

X.501(93):
  distinguished value: An attribute value in an entry which has
  been designated to appear in the relative distinguished name
  of the entry.

  relative distinguished name (RDN): A set of one or more attribute
  type and value pairs, each of which matches a distinct
  distinguished attribute value of the entry.

RFC 2251 said:
   Entries have names: one or more attribute values
   from the entry form its relative distinguished name (RDN), ...

Which attribute values may appear in an entry is controlled by
user (and/or system) schema.

Kurt


>Jim
>
>>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 6/19/03 6:58:38 PM >>>
>A few editorial corrections to my post...
>        Kurt
>
>At 05:50 PM 6/19/2003, Kurt D. Zeilenga wrote:
>>>It appears that X.501 allows name forms to specify attributes that
>are
>>>not allowed by the object class definition that the name form is
>used
>>>for.
>>
>>Not the "structural" distinction made in the following quote.
>
>s/Not/Note/
>
>>><from Name form definition> "The RDN attribute (or attributes) need
>>>not
>>>be chosen from the list of permitted attributes of the structural
>>>object
>>>class as specified in its structural or alias object class
>>>definition."
>>
>>I take this means that the RDN may be chosen from the other
>>attributes which are allowed to appear in the entry, such as
>>those allowed (directly or indirectly) by a DIT Content Rule.
>
>s/means/to mean/
>
>>>a) Does this also apply to DITContentRules? Meaning, if an attribute
>>>is
>>>not allowed on the object class definition, or allowed by the DIT
>>>Content Rule, can it be specified in the name form?
>>
>>No.  The naming attributes must be listed from the attributes of the
>>entry and those attributes must be allowed either the structural
>>object class of the entry or by the controlling DIT content rule.
>
>s/listed/chosen/
>
>
>>>I can't find answers to a, b, or c, in the X.500 series.
>>
>>I think the answer is primarily given in X.501.

References:
- Re: Fwd: [ldapext] modifyDN.deleteOldRDN and name forms
  - From: "Jim Sermersheim" <jimse@novell.com>

Prev by Date: RE: Another problem with abandon
Next by Date: Re: Fwd: [ldapext] modifyDN.deleteOldRDN and name forms
Index(es):
- Chronological
- Thread