Re: Protocol: Add, ModDN, and RDN attrs

[Mark Smith <mcs@pearlcrescent.com>]

Jim Sermersheim wrote:
> The problem is one of consistency and proper alignment with X.500. I was 
> asked by a directory developer whether the attributes of an RDN MUST 
> also be named in the attribute list during an add. My reply was that 
> according to the protocol document and RFC 2251, yes. Then I was asked 
> how the same scenario works with Modify DN. My reply was that there was 
> no guidance. This prompted me to look at the X.500 specifications and 
> found the discrepancy.

OK; that makes sense.  We should certainly specify how things work with 
Modify DN as well as Add.


> You're right, the language in RFC 2251 is clear, but it is opposite of 
> that in X.511. Aside from possibly making some server implementations 
> overly restrictive, What justification is there to leave the language as 
> it is? I can't think of a reason as to why it would have been added 
> without an explanation as to why it is different from the instructions 
> in X.511. If we decide to leave the imperative for compatability with 
> older implementations, we need to explain why it is there.

Fair enough.  I can only speculate on why the language was included. 
Possible reasons:

1) Accidental (someone wanted to be consistent with X.511 but got it 
wrong).  I think this is an unlikely reason.

2) Intentional.  Perhaps someone thought LDAP server implementations 
would be simpler if distinguished values were included.

It seems likely that some server implementations rely on clients 
including distinguished values.  But I am not sure.  The Netscape 
implementation I used to work on was "enhanced" at some point in the 
somewhat distant past to be liberal in what it accepts and handle 
clients that include or omit such values.

-Mark