[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with CN containg multiple spaces

At 12:11 AM 1/5/2005, Robert Waldner wrote:
>On Tue, 04 Jan 2005 23:42:39 +0100, Pierangelo Masarati writes:
>>>The problem is that there are a couple DNs which only differ in the 
>>> amount of spaces in the CN, eg
>>>    CN=Doe\, John,OU=Users,DC=local
>>>    CN=Doe\,  John,OU=Users,DC=local
>>As per directoryString syntax (the syntax used by the "cn" attribute 
>>inside your DN), multiple spaces are treated as a single space when the 
>>DN is normalized/prettified.  As a consequence, although differently 
>>represented, the two DNs you show are exactly the same when compared.
>Where is the directoryString syntax specified? I can't find it in the 
> schema-files, and in RFC2252/2253 there's no mention of any prettyfying
> I can find.

Ando wasn't precise enough.  DN matching is done using the
distinguishedNameMatch rule, which calls for each AVA in the DN
to be matched according to the rule applicable to the attribute,
in this case CN.  Values of CN are matched using caseIgnoreMatch
rule.  The caseIgnoreMatch rule redundant white space is to be

The two DN strings above are equivalent.

directoryString and various string matching rules are specified,
for use in LDAP, in RFC 2252.  However, these specifications
rely on underlying X.500 semantics... to be found in X.500