[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Significance of name forms.

To: openldap-technical@openldap.org
Subject: Re: Significance of name forms.
From: dE <de.techno@gmail.com>
Date: Fri, 01 May 2015 07:27:32 +0530
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=7brQloPfiTqYv1AIqjftaR1lzeHpXxgOFS9Q5h9yrDM=; b=ayje2VCai1ozHNnefAnsdGN1EsuLea9uCFEGbsBONwyox6kEd06HO0JpdVyctplb0E 7tTQGKKaiI1RtfH8651wX45w61DEIl3kpgeFTlBsKqJpxci8Q3bxuEFAZWIKrjItGvmO P78sU07/fZlA5+9E/wGGhBxb06SYF8RRov9TrnPQN7VMwz6bRZFmOSqdHDPpqeQzznkG mUSsQ0BuTAk7UNBOfWkm4wT3FM9EDEiye8YaMLuqKWDEuOPVXfZbqyC+qgAGkE8VtIDR qRkPJGA3VTF3tfHoZqI/19J76BqNJpiuYAiSnOG1KexZbhta1XQOoe8vksvCF9JCi6Tv ei6Q==
In-reply-to: <5542590D.8050000@symas.com>
References: <5541D66C.2010704@gmail.com> <554213E9.9030406@symas.com> <55422606.40002@stroeder.com> <55422F1E.7020506@symas.com> <55424261.6000004@stroeder.com> <5542590D.8050000@symas.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

On 04/30/15 22:02, Howard Chu wrote:

Michael Ströder wrote:
Howard Chu wrote:
Michael Ströder wrote:
On 2015-04-30 13:37, Howard Chu wrote:
No. Name forms are only used when a DIT Structure Rule referencesthem.
Are you sure? If yes, then please point out what's missing herein:
PS: you should read X.501(1993) for the exact text, since LDAP must
conform to
that spec. Section 12.6.

http://www.itu.int/rec/T-REC-X.501/en
Hmm...

In X.501(1993) and X.501(2010) it is simply assumed that there are
*always* DIT structure rules.

 From X.501(1993) section 12.6.5 and X.501(2010) section 13.7.5:
"Each object and alias entry is governed by a single DIT structure rule"

But there's no text dealing with the LDAP implementation without
governing structure rule of an entry.
Name Forms are a component of DIT Structure Rules. If you don't useDIT Structure Rules, then you don't have name forms either.
http://www.stroeder.com/img/LDAP_Schema_References.png
Also after re-reading X.501 it seems the diagram is correct.

This statement in my former posting is obviously corrent:

"You cannot use DIT Structure Rules without associated Name Forms."

Because connecting the governing with the superior structural rule
cannot be done without name forms.
The governing structure rule might limit the set of possiblestructural
object classes in a part of a DIT but if absent or not applicable you
can still limit to possible name form(s) for a chosen structuralobject
class.
No, if there are no DIT structure rules then there are no constraints
whatsoever on the naming or placement of entries.
I did not find any text in X.501 or RFC 4512 which clearly says that.
Especially RFC 4512 makes DIT structure rules optional. Maybe I'm
missing something though.
12.6.2
A name form is only a primitive element of the full specificationrequired to constrain the form of the DIT to thatrequired by the administrative and naming authorities that determinethe naming policies of a given region of the DIT.The remaining aspects of the specification of DIT structure arediscussed in 12.6.5.


RFC 4512 quotes

Name forms are primitive pieces of specification used in the
   definition of DIT structure rules

So it explicitly specifics no other use apart from DIT structure rules.However it does not say that "these rules do not apply without anassociated DIT structure rule" neither it says it does.

Prev by Date: Re: idassert-bind seems to ignore binddn
Next by Date: Re: Significance of name forms.
Index(es):
- Chronological
- Thread