attribute length restrictions
Hi,
it seems there is a mismatch between length restrictions for standard
attribute types as specified in X.520v3 and LDAPv3:

X.520, section 5.2.2

    commonName ATTRIBUTE ::= {
        SUBTYPE OF name
        WITH SYNTAX DirectoryString {ub-common-name}
        ID id-at-commonName }

X.520, annex C

    ub-name INTEGER ::= 32768
    ub-common-name INTEGER ::= 64

(Note: In X520_4thEditionDraftv5 ub-name now also is 64.)

draft-ietf-ldapbis-user-schema-00, section 3.2.2

    ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

draft-ietf-ldapbis-user-schema-00, section 3.2.38

    ( 2.5.4.3 NAME 'cn' SUP name )

This would restrict commonName in X.500 to 64 characters, while it could
hold up to 32768 characters in LDAP. Same for o and ou (and sn?). Has this
deviation been made deliberately?

P.S.: Personally, I would like to use the larger limits because in Germany
names for academic institutions easily exceed 64 characters. However, this
would probably lead to problems in maintaining an identical data set on the
FLDSA and standalone LDAP servers.

--
Norbert Klasen
DAASI International GmbH phone: +49 7071 2970336
Wilhelmstr. 106 fax: +49 7071 295114
72074 Tübingen email: norbert.klasen@daasi.de
Germany web: http://www.daasi.de
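
Added example, not part of the original message: a Python sketch that resolves the bound 'cn' inherits from 'name' through SUP in the two LDAP descriptions quoted above and compares a value against it and against ub-common-name. The function names are hypothetical, and it assumes, as the message does, that {32768} acts as a maximum and that an attribute without its own SYNTAX takes the syntax and bound of its supertype.

```python
import re

# Attribute type descriptions quoted in the message (draft-ietf-ldapbis-user-schema-00).
LDAP_SCHEMA = [
    "( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch "
    "SUBSTR caseIgnoreSubstringsMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )",
    "( 2.5.4.3 NAME 'cn' SUP name )",
]
# X.520 annex C upper bound quoted in the message (ub-common-name).
X520_BOUNDS = {"cn": 64}


def parse_attribute_type(desc):
    """Extract name, supertype and optional length bound from one description."""
    name = re.search(r"NAME\s+'([^']+)'", desc)
    if not name:
        raise ValueError("no NAME in: " + desc)
    sup = re.search(r"\bSUP\s+([A-Za-z][\w-]*)", desc)
    syntax = re.search(r"\bSYNTAX\s+([\d.]+)(?:\{(\d+)\})?", desc)
    bound = int(syntax.group(2)) if syntax and syntax.group(2) else None
    return {"name": name.group(1), "sup": sup.group(1) if sup else None, "bound": bound}


def effective_bound(attr, schema):
    """Follow SUP links until a length bound is found; None means no bound stated."""
    seen = set()  # guards against a SUP cycle in a malformed schema
    while attr is not None and attr not in seen:
        seen.add(attr)
        entry = schema[attr]  # KeyError for an unknown attribute type
        if entry["bound"] is not None:
            return entry["bound"]
        attr = entry["sup"]
    return None


def portability(attr, value, schema):
    """Report whether a value fits the LDAP bound and the X.520 bound."""
    ldap = effective_bound(attr, schema)
    n = len(value)  # assumption: bounds count characters, not UTF-8 octets
    return {"length": n,
            "ldap_ok": ldap is None or n <= ldap,
            "x520_ok": n <= X520_BOUNDS[attr]}


SCHEMA = {e["name"]: e for e in map(parse_attribute_type, LDAP_SCHEMA)}
print(portability("cn", "A" * 65, SCHEMA))  # constructed 65-character value
```

Run over existing cn values before synchronising, a check like this lists the entries that an LDAP server holding these descriptions would accept but that exceed the X.520 bound.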