
Re: Distinguished names returned by an LDAP server



Frédéric Poels wrote:
> 
> Good morning!
> 
> I'm working with various LDAP servers and I'm trying to make them work
> together. One of them returns distinguished names formatted this way:
> cn = "foo" ; o = "bar" ; c = "here" (1)
> While all others use the following format:
> cn=foo,o=bar,c=here (2)
> 
> Is (1) "standard"?

I think it is deprecated.  But it has to be accepted, even in
implementations of LDAPv3.  According to RFC2253:

   The syntax given in this document is more restrictive than the syntax
   in RFC 1779.  Implementations parsing a string generated by an LDAPv2
   client MUST accept the syntax of RFC 1779.  Implementations MUST NOT,
   however, generate any of the RFC 1779 encodings which are not
   described above in section 2.

   Implementations MUST allow a semicolon character to be used instead
   of a comma to separate RDNs in a distinguished name, and MUST also
   allow whitespace characters to be present on either side of the comma
   or semicolon.  The whitespace characters are ignored, and the
   semicolon replaced with a comma.

> What is the standard? Where is it defined (which RFC)?

RFC1779 for LDAPv2, RFC2253 for LDAPv3.  For all purposes, semicolon
must not be generated, but must be recognized and accepted.

> Most clients crash when they receive (1)...

They are broken.

Julio
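
The acceptance rule quoted from RFC 2253 above, as an added example that is not part of the original message: a parser that accepts both form (1) and form (2) and always emits form (2), so DNs from different servers can be compared after normalization. The function names are hypothetical; hex-pair escapes and `#`-encoded values are rejected rather than decoded, and an `OID.` type prefix is passed through unchanged.

```python
SPECIALS, HEX = ',+"\\<>;', '0123456789abcdefABCDEF'  # SPECIALS: RFC 2253 section 2.4

def _escape(v):
    edge = lambda i, c: (i == 0 and c in ' #') or (i == len(v) - 1 and c == ' ')
    return ''.join('\\' + c if c in SPECIALS or edge(i, c) else c
                   for i, c in enumerate(v))

def _read_value(dn, i):
    """Read one attribute value at dn[i]; return (raw value, next index)."""
    n, chars, keep = len(dn), [], 0      # chars[:keep] survives space trimming
    quoted = dn[i:i + 1] == '"'          # RFC 1779 quoted value
    if dn[i:i + 1] == '#':
        raise ValueError('#hex-encoded values are not handled here')
    i += quoted
    while i < n:
        if quoted and dn[i] == '"':
            return ''.join(chars), i + 1
        if not quoted and dn[i] in ',;+':
            break
        escaped = dn[i] == '\\'
        if escaped:
            i += 1
            if i >= n or dn[i] in HEX:
                raise ValueError('dangling backslash or unsupported hex-pair escape')
        chars.append(dn[i])
        if escaped or dn[i] != ' ':
            keep = len(chars)
        i += 1
    if quoted:
        raise ValueError('unterminated quoted value')
    return ''.join(chars[:keep]), i

def normalize_dn(dn):
    """Return the RFC 2253 form of a DN given in RFC 1779 or RFC 2253 syntax."""
    out, i, n = [], 0, len(dn)
    while True:
        eq = dn.find('=', i)
        atype = dn[i:eq].strip() if eq >= 0 else ''
        if not atype or not all(c.isascii() and (c.isalnum() or c in '.-') for c in atype):
            raise ValueError('bad or missing attribute type at offset %d' % i)
        i = n - len(dn[eq + 1:].lstrip(' '))        # skip spaces after '='
        value, i = _read_value(dn, i)
        i = n - len(dn[i:].lstrip(' '))             # skip spaces before separator
        out.append(atype + '=' + _escape(value))
        if i == n:
            return ''.join(out)
        if dn[i] not in ',;+':
            raise ValueError('unexpected %r at offset %d' % (dn[i], i))
        out.append('+' if dn[i] == '+' else ',')    # ';' is replaced by ','
        i += 1
```

With the DN from the question, `normalize_dn('cn = "foo" ; o = "bar" ; c = "here"')` returns `cn=foo,o=bar,c=here`; a quoted value such as `"Smith, John"` comes out backslash-escaped instead of quoted.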