Some of you guys were discussing the unspoken aspects of DNs regarding
case and normalization rules.
Remember the conversations regarding the name parser and normalization?
Here are two emails from a umich/OpenLDAP list clarifying the
normalization rules. Not this is in the server side context which
effects clients. Basically the schema of the attributeType for the RDN
within a DN determines the case of the value as well as the whitespace
normalization rules.
Alex
--- Begin Message ---
LDAP list digest wrote:
Subject: Are DN's case-insensitive ? Getting error when adding LDIF via slapadd
From: Robert Gomezi <[EMAIL PROTECTED]>
Date: Fri, 3 Jun 2005 06:16:51 +0800
Are DN's case-insensitive ?
The one-word answers you've received so far don't tell the story at all.
A DN is a sequence of RDNs. An RDN is a sequence of Attribute-value
pairs. Each attribute has its own schema definition with its own
governing rules. Some attributes are case-sensitive, some are not. As
such, a complete DN may have components that are case-sensitive as well
as case-insensitive.
What about attributes in an LDIF entry ?
Does case-sensitivity impact them when adding to an LDAP server
The schema that governs an attribute is applied regardless of where the
attribute is used.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
---
You are currently subscribed to [EMAIL PROTECTED] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.
--- End Message ---
--- Begin Message ---
Robert Gomezi wrote:
>>>Are DN's case-insensitive ?
>>
>>Yes.
>
> Is this specific to OpenLDAP or this exists in any LDAP server ?
It is not specific to OpenLDAP.
Sorry, my answer was too short. Howard gave the complete answer.
Back to your example:
dn: cn=Jane Doe, ou=addressbook, dc=example, dc=com
You are using the attributes cn, ou, dc which are all defined with
case-insensitive matching on every LDAPv3 server I know of (watch out
the EQUALITY declaration). Therefore the whole DN is case-insensitive.
Declaration of 'dc' from my sub schema (OpenLDAP):
( 0.9.2342.19200300.100.1.25
NAME ( 'dc' 'domainComponent' )
DESC 'RFC1274/2247:domaincomponent'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
'ou' and 'cn' are both derived from 'name':
( 2.5.4.41
NAME 'name'
DESC 'RFC2256:commonsupertypeofnameattributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{32768} )
> Michael, I meant attribute values. My reading of attribute syntax defined here
> http://ldap.akbkhome.com/index.php/syntax.html did not show anything
> which specified case sensitivity whilst adding an LDIF entry. My
> understanding is that case sensitivity came into play only when
> searching for that attribute
It comes into play when matching values. This is also done when adding /
modifying entries.
Use a decent schema viewer browsing the sub schema of your own LDAP
server. Maybe this URL gives you an idea:
http://sites.inka.de/ms/cgi-bin/web2ldap.fcgi/oid?ldap://ldap.openldap.org/dc=openldap,dc=org
It shows cross-references back and forth between attribute types, LDAP
syntaxes, matching rules and matching rule uses.
You can point it to your own LDAP server if it's directly connected to
the Internet by changing the LDAP URL in the query string.
Ciao, Michael.
---
You are currently subscribed to [EMAIL PROTECTED] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.
--- End Message ---
