[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Troubles with Country (c) attribute limited to two characters

Adam Tauno Williams writes:
>> OK, I understand that this is happening because of schema violation,
>> but nevertheless, I still need some advices or tips, how to avoid
>> getting into trubles when upgrading the servers. Is there an easy way
>> to get rid of the problem, but still using this type of suffix with
>> country value longer that 2 characters?
> Slapcat and fix the values;  the 2 character abbreviations are an ISO
> standard you can download.  Modify your application to only accept
> legitimate country codes.
> <http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_elements.htm>

Or use 'co' (friendlyCountryName) from cosine.schema instead, though a
'c' attribute is required as well for friendlyCountry objects.

Or if renaming the DIT is not feasible in the short run, edit
core.schema for now and put back the OpenLDAP 2.3 definition of 'c',
which came from RFC 2256.  OpenLDAP 2.4 uses the RFC 4519 definition,
which matches the X.500 definition.  Note that editing an existing
attribute's schema definition also requires a slapcat/slapadd.
This will not interoperate with other software which expect 2-letter
'c' attributes, so you do need to move away from your current DIT.

Maybe attributes exist somewhere for 3-letter and numberic 3-digit
country codes as well.  If not, you could submit an internet-draft for
such attributes.  Or suggest changing 'c' to allow both 2- and 3-letter
codes, though I doubt that would be accepted.  The latter would also
need to be coordinated with an X.500 change.