Re: Distinguished Name and Entry values

[Jan-Michael Ong <jmong@adobe.com>]

hello,

yes it depends on how you declare the entry. certain entries require 
certain attributes that MUST be filled in. For example, if you have

dn: cn=xyz,ou=abc,o=ddd,c=sss.com

then typically an entry like this could be defined as

dn: cn=xyz,ou=abc,o=ddd,c=sss.com
objectClass:top
objectClass:person
objectClass:organizationalPerson
objectClass:inetOrgPerson

in which case, the objectClass dictates what components are required and 
what are obligatory (check core.schema inetorgperson.schema etc in 
/usr/local/etc/openldap/schema). So in the definition above

cn is required for objectclass person.

For the others such as ou, o and c, these should have already been defined 
but if not then yes, they must exist as well

Typically I use

dn: cn=myname,ou=sub_sub_group,ou=subgroup,o=mycompany

so i have the following definitions:

dn: o=mycompany
objectclass: top
objectclass: organization
o: mycompany

dn: ou=subgroup, o=mycompany
objectclass: top
objectclass: organizationalunit
ou: mycompany

dn: ou=sub_sub_group, ou=subgroup, o=mycompany
objectclass: top
objectclass: organizationalunit
ou: sub_sub_group

I hope that helps. Good luck!

jm






At 10:21 PM 11/9/2001 +0800, you wrote:
> Hi, all
>
> Let's say I have dn : cn=xyz, ou=abc, o=ddd,c=ss
> So , does that mean that I muz have the following as the
> attribute values.
> cn: xyz
> ou:abc
> o:ddd
> c:ss
>
> Any reason for doing that?
>
> Thanz a lot
>
> sze yee