Re: x500UniqueIdentifier syntax?

[Peter Marschall <peter.marschall@mayn.de>]

Hi,

On Thursday 24 January 2002 20:43, you wrote:
> I need to create directory which will possibly contain duplicated RDN
> values.
> As I understand I can use this attribute type to prevent confilcts
> between objects with duplicated RDN, can't I?
> But  when  I tried to add some object (with duplicated RDN) I got server
> error message as a result:
> Where is my fault?
> Would you please explain me correct usage of this attribute type.

I understand your question this way:
You want to enter more than one entry with the same RDN/DN into a
LDAP directory and want to distinguish them with the attribute
x500UniqueIdentifier.

The answer is simple:
This is not possible. The DN of each object has to be unique.
Values of attributes do not change this basic requirement of LDAP.

If you have to have objects with the same cn (or any other attribute,
used for naming) you may use multi-part RDNs,
This way the DNs of entries would look like
 cn=Alexander Khokhlov+uid=1111, ou=Computer Department, OU=Leftbeach branch 
office,L=Donetsk,O=Ukrsotsbank,c=UA
 cn=Alexander Khokhlov+uid=1112, ou=Computer Department, OU=Leftbeach branch 
office,L=Donetsk,O=Ukrsotsbank,c=UA

This way, the RDN  of the two entries stays unique because the uid
attribute is different for each of them.
This should also be possible with x500UniqueIdentifier instead of uid.

Please note that in another response Kurt D. Zeilenga stated:
> Anyways, I suggest you avoid multi-valued RDNs as they
> are not fully supported in 2.0 and are a generally pain
> deployment wise (due to conflicts and instability of
> value).  It's far better, IMO, to use attributes whose
> values are stable and unique (within the domain of use).

Yours
Peter

-- 
Peter Marschall     |   eMail: peter.marschall@mayn.de
Scheffelstraße 15   |          peter.marschall@is-energy.de
97072 Würzburg      |   Tel:   0931/14721
PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28 35