
RE: zero-len RDNs



Jim,
 
Considering only cn=, X.520(1993) defines DirectoryString as
 
DirectoryString { INTEGER:maxSize } ::= CHOICE {
    teletexString         TeletexString (SIZE(1..maxSize)),
    printableString      PrintableString (SIZE(1..maxSize)),
    universalString     UniversalString (SIZE(1..maxSize)) }
 
The definition has changed over time but I doubt that the constraints have
been dropped. Therefore, a commonName value must have at least one character
(of the character set).
 
Ron.

-----Original Message-----
From: Jim Sermersheim [mailto:JIMSE@novell.com]
Sent: Thursday, 21 September 2000 3:39
To: ietf-ldapext@netscape.com
Subject: zero-len RDNs


Hey all.
 
Recently I've encountered a problem where someone was able to add an entry
with a zero length RDN, and then was not able to read the entry back. For
example, this entry was created:
 
dn: cn=,o=bar
 
I'm trying to resolve which half of the problem is the real problem
(allowing such an addition, or not being able to resolve the name) and have
concluded that both X.501 and RFC 2253 allow you to create an entry with a
zero length RDN.
 
Can anyone verify or dismiss this? It doesn't feel right, but I can't find
anywhere in the specs that disallow it.
 
Thanks. 
 
Jim
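
The following is an added example, not part of either message: one way an add operation could enforce the SIZE(1..maxSize) lower bound cited in the reply, by rejecting DN strings that contain an RDN with a missing or zero-length value. The function names are hypothetical, and the parsing is a simplified reading of the RFC 2253 string form (backslash escapes and double quotes are honoured; '#'-prefixed hex values are not decoded).

```python
# Added example: flag RDNs whose attribute value is missing or zero-length.
# Simplified RFC 2253 handling (assumption): backslash escapes and double
# quotes are honoured; '#'-prefixed hex (BER) values are not decoded.

def _split(text, seps):
    """Split text on separator characters that are not escaped or quoted."""
    parts, cur, quoted, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def empty_value_rdns(dn):
    """Return attribute types in dn whose value is missing or zero-length."""
    if dn.strip() == "":
        return []                       # the empty DN has no RDNs to check
    bad = []
    for rdn in _split(dn, ",;"):        # RDN separators
        for ava in _split(rdn, "+"):    # multi-valued RDN separator
            attr, sep, value = ava.partition("=")
            value = value.strip()
            if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
                value = value[1:-1]     # unwrap a quoted value
            if not sep or value == "":
                bad.append(attr.strip())
    return bad


if __name__ == "__main__":
    # Constructed sample DNs; the first is the entry from the message above.
    for sample in ["cn=,o=bar", "cn=foo,o=bar", 'cn="",o=bar', "cn=a\\,b,o=bar"]:
        print(repr(sample), "->", empty_value_rdns(sample))
```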