
Re: understanding userid .vs. uid

Stefan Palme wrote:
> This is not a problem, just a question to understand the things
> "behind the scenes".
> I am just playing around with some LDAP frontends helping the user
> to add the correct attributes depending on the selected objectclass(es)
> when creating new LDAP entries. 
> I have tried to add an entry with objectclass "account", which requires
> an attribute "userid" and may have some more attributes. After adding
> the entry with "userid=test", the LDAP tree contained an appropriate
> entry, but the attribute "userid" is named "uid" now.
> Although I gave the entry an RDN with "userid=test", the RDN has also
> automagically changed to "uid=test".
> Obviously, userid and uid are "the same" attribute, and here are my
> questions:

Yes, they are two NAMEs for the very same attribute type. Some schema-aware
LDAP clients don't get this right, e.g. JXplorer. Use decent LDAP client software.

> 1) The objectclass "account" is defined with "MUST userid" - but I can
>    create an "account" entry either by giving it a "userid" attribute
>    or by using "uid" - both work (I expected the "uid" approach to
>    fail). Why?

'uid' and 'userid' represent the same attribute type.

Note that the server chooses which NAME to use in LDAP search responses. The
clients have to be prepared to handle what the server returns.

> 2) Where is the relationship between userid and uid defined? 

In the attribute type description in the server's subschema subentry.

> I've found
>    some "attributetype" definitions in the schema files (namely
>    NAME ('uid', 'userid')), but they are commented out. So is this
>    relationship hardcoded in OpenLDAP's source code?

Yes, some schema descriptions are hard-coded.

> If yes - is this
>    a standard relationship also used by other LDAP servers?

Be prepared to find different schema descriptions on other LDAP servers. Use a
decent schema browser to analyse the subschema subentry and test your client
code with every LDAP server implementation you plan to support.

> 3) Are there some more attribute pairs like userid/uid which are
>    "interchangeable" in this way?

Sure. (Instead of "interchangeable" I'd say an attribute type has several NAME

> If yes, can I derive the list of such
>    attributes from the schema files somehow?
> Or is there an RFC or
>    something naming all such attributes?

Schema descriptions are spread across many RFCs, Internet-Drafts and other
obscure docs. So just examine the subschema subentry of a server.

Ciao, Michael.

Michael Ströder
E-Mail: michael@stroeder.com
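
An added example, not part of the original message and not OpenLDAP code: one way a client can derive the list of multi-NAME attribute types from the attributeTypes values of a subschema subentry and resolve whatever name the server returns. The sample schema strings are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample of attributeTypes values in RFC 4512 syntax, as a server
# might publish them in its subschema subentry; not read from a live server.
SAMPLE_ATTRIBUTE_TYPES = [
    "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) "
    "EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )",
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )",
    "( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )",
]

# RFC 4512 places the optional NAME field directly after the numeric OID, so
# anchoring there avoids matching the word NAME inside a DESC string.
_HEAD = re.compile(
    r"^\(\s*(\d+(?:\.\d+)*)"
    r"(?:\s+NAME\s+(?:\(\s*((?:'[^']*'\s*)+)\)|'([^']*)'))?"
)

def parse_names(description):
    """Return (oid, [names]) for one AttributeTypeDescription string."""
    m = _HEAD.match(description.strip())
    if not m:
        raise ValueError("no numeric OID in: " + description)
    oid, name_list, single = m.groups()
    if name_list is not None:
        return oid, re.findall(r"'([^']*)'", name_list)
    return oid, [single] if single is not None else []

def build_alias_map(descriptions):
    """Map the OID and every lower-cased NAME to the first listed NAME."""
    aliases = {}
    for description in descriptions:
        oid, names = parse_names(description)
        canonical = names[0] if names else oid
        for key in [oid] + names:
            aliases[key.lower()] = canonical
    return aliases

def canonical_name(aliases, attr):
    """Resolve a name as sent or received; options such as ;lang-en are kept."""
    base, sep, options = attr.partition(";")
    return aliases.get(base.lower(), base) + sep + options

def multi_name_types(descriptions):
    """List the NAMEs of attribute types that carry more than one NAME."""
    parsed = (parse_names(d)[1] for d in descriptions)
    return [names for names in parsed if len(names) > 1]
```

Comparing attribute names only after passing both sides through `canonical_name` keeps client-side checks consistent whether the server answers with `uid` or `userid`.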