[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Significance of name forms.

To: Michael Ströder <michael@stroeder.com>, openldap-technical@openldap.org
Subject: Re: Significance of name forms.
From: Howard Chu <hyc@symas.com>
Date: Thu, 30 Apr 2015 19:05:46 +0100
In-reply-to: <55426251.6010501@stroeder.com>
References: <5541D66C.2010704@gmail.com> <554213E9.9030406@symas.com> <55422606.40002@stroeder.com> <55422F1E.7020506@symas.com> <55424261.6000004@stroeder.com> <5542590D.8050000@symas.com> <55426251.6010501@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 SeaMonkey/2.37a1

Michael Ströder wrote:

Howard Chu wrote:

Michael Ströder wrote:

I did not find any text in X.501 or RFC 4512 which clearly says that.
Especially RFC 4512 makes DIT structure rules optional. Maybe I'm
missing something though.


12.6.2

A name form is only a primitive element of the full specification
required to
constrain the form of the DIT to that
required by the administrative and naming authorities that determine the
naming policies of a given region of the DIT.
The remaining aspects of the specification of DIT structure are
discussed in
12.6.5.

12.6.5 defines DIT Structure Rules.


I already read this text carefully and I do see that there is some
justification for your interpretation. But still I'm not 100% convinced
because the X.501 text is written under the assumption that there is
always a governing structure rule (besides one corner-case clarified in
X.501(2010)).

And it seems I'm not the only one who interpreted it differently:

https://lists.forgerock.org/pipermail/opendj/2015-April/004508.html

I don't claim to know *the* right interpretation. I'd vote to ask other
vendors. I'd happily correct this in web2ldap if needed.


Any other interpretation is nonsense.

1) an entry may have multiple object classes but there is only onestructuralObjectClass that governs the entry.

2) a schema may have many nameForms defined, and many DIT StructureRules defined, but there is only one that governs a given entry.


Both of those facts are indisputable.

Now - nameForms only specify a structuralObjectClass that they control.It's up to the DIT Structure Rule to define where in the DIT they takeeffect.

If you have a schema with multiple nameForms defined, and you take yourinterpretation that nameForms take effect in the absence of DITStructure Rules, then you get the nonsensical case of multiple nameFormsapplying to a single entry. That is already explicitly prohibited in thespec.

The spec is not under-defined. This is not an "interpretation" - theseare facts.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Significance of name forms.
  - From: Michael Ströder <michael@stroeder.com>

References:
- Significance of name forms.
  - From: dE <de.techno@gmail.com>
- Re: Significance of name forms.
  - From: Howard Chu <hyc@symas.com>
- Re: Significance of name forms.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Significance of name forms.
  - From: Howard Chu <hyc@symas.com>
- Re: Significance of name forms.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Significance of name forms.
  - From: Howard Chu <hyc@symas.com>
- Re: Significance of name forms.
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: RE: getent passwd only catch local user passwd
Next by Date: Re: Significance of name forms.
Index(es):
- Chronological
- Thread