I'm pretty sure that the RDN for an AD person HAS to be "cn" (again because it isn't an LDAP server, but instead exposes itself through LDAP).  The reason for the restriction by Novell is data integrity.  Their schema must allow you to specify RDN attributes for each objectClass, allowing an admin to better control the data that is put in their directory.  I'm not sure if this is a standard or not, however.

For AD, you can rename a "user", but you can only change the value of "cn", not which attribute is the rdn.

Marc

On 9/17/05, Stefan Zoerner <[EMAIL PROTECTED]> wrote:
Hi Marc

Marc Boorshtein wrote:
> hmm....have you tried inetOrgPerson?  Instead of "sn", try "uid"?
>
> Marc

Good idea. I assumed that inetOrgPerson will "inherit" the strange
restriction from person, but this is not the case.

The following worked. Creation of this entry:

dn: uid=szoerner,dc=labeo,dc=de
objectClass: Top
objectClass: Person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: szoerner
cn: Stefan Zoerner
sn: Zoerner

And then change it like this:

dn: uid=szoerner,dc=labeo,dc=de
changetype: modrdn
newrdn: cn=Stefan Zoerner
deleteoldrdn: 0

which leads to cn=Stefan Zoerner,dc=labeo,dc=de without any problems.
And this is an example which I was looking for. I still do not
understand the restriction for the person class (AD behaves the same,
but is the only other example I know), but I am happy.

Thanks, Stefan
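
The following is an added example and is not code from the thread or from any of the servers mentioned in it. It is a small in-memory model of what a directory server does with the modrdn Stefan posted: the new RDN value is added to the entry if it is not already present, deleteoldrdn decides whether the old naming value (here uid) survives, and a rename that would empty a MUST attribute of the entry's objectClasses is refused. The MUST table follows RFC 4519 for the three classes used here; NAMING_POLICY is a hypothetical stand-in for the per-class naming restriction discussed above and does not describe any real server's configuration.

```python
# Added example, not code from the thread: an in-memory model of an LDAP modrdn
# applied to the entry and rename posted above. Attribute names are stored
# lowercased. MUST_ATTRS follows RFC 4519 for the classes used here;
# NAMING_POLICY is a hypothetical stand-in for the per-class naming restriction
# the thread discusses, not any real server's configuration.

# RFC 4519: person MUST cn and sn; organizationalPerson and inetOrgPerson add no MUSTs.
MUST_ATTRS = {"person": {"cn", "sn"}, "organizationalperson": set(), "inetorgperson": set()}

# Hypothetical: attributes each class may be named by (restricted-server behaviour).
NAMING_POLICY = {"person": {"cn"}, "organizationalperson": {"cn"}, "inetorgperson": {"cn", "uid"}}


def parse_rdn(rdn):
    """Split a single-valued RDN such as 'cn=Stefan Zoerner' into (attr, value)."""
    attr, sep, value = rdn.partition("=")
    if not sep or not attr.strip() or not value.strip():
        raise ValueError(f"invalidDNSyntax: {rdn!r}")
    return attr.strip().lower(), value.strip()


def split_dn(dn):
    """Naive split on commas (the DNs used here contain no escaped commas)."""
    return [part.strip() for part in dn.split(",")]


def stefan_entry():
    """The entry from the thread, as a dn -> {attr: [values]} directory."""
    return {
        "uid=szoerner,dc=labeo,dc=de": {
            "objectclass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
            "uid": ["szoerner"],
            "cn": ["Stefan Zoerner"],
            "sn": ["Zoerner"],
        }
    }


def modrdn(directory, dn, newrdn, deleteoldrdn, policy=None):
    """Rename `dn` to `newrdn` under the same parent and return the new DN.

    Server-side checks modelled:
      - the new RDN value becomes an attribute value of the entry if it is not
        one already (RFC 4511 section 4.9);
      - with `policy`, the naming attribute must be allowed by one of the entry's
        objectClasses (the restriction discussed in the thread);
      - deleteoldrdn=1 drops the old RDN value unless it is also part of the new
        RDN; if that empties a MUST attribute the rename is refused.
    """
    if dn not in directory:
        raise KeyError(f"noSuchObject: {dn}")
    old_rdn, *parent = split_dn(dn)
    old_attr, old_value = parse_rdn(old_rdn)
    new_attr, new_value = parse_rdn(newrdn)
    classes = [oc.lower() for oc in directory[dn].get("objectclass", [])]

    if policy is not None:
        allowed = set().union(*(policy.get(oc, set()) for oc in classes))
        if new_attr not in allowed:
            raise ValueError(f"namingViolation: {new_attr} may not name {classes}")

    new_dn = ",".join([f"{new_attr}={new_value}", *parent])
    if new_dn != dn and new_dn in directory:
        raise ValueError(f"entryAlreadyExists: {new_dn}")

    entry = {k: list(v) for k, v in directory[dn].items()}  # work on a copy
    if new_value not in entry.setdefault(new_attr, []):
        entry[new_attr].append(new_value)
    if deleteoldrdn and (old_attr, old_value) != (new_attr, new_value):
        entry[old_attr] = [v for v in entry.get(old_attr, []) if v != old_value]
        if not entry[old_attr]:
            del entry[old_attr]
        required = set().union(*(MUST_ATTRS.get(oc, set()) for oc in classes))
        missing = sorted(a for a in required if not entry.get(a))
        if missing:
            raise ValueError(f"objectClassViolation: deleting old RDN would drop MUST {missing}")

    del directory[dn]
    directory[new_dn] = entry
    return new_dn


if __name__ == "__main__":
    d = stefan_entry()
    new_dn = modrdn(d, "uid=szoerner,dc=labeo,dc=de", "cn=Stefan Zoerner", False)
    print(new_dn, d[new_dn]["uid"])  # uid is kept because deleteoldrdn was 0
```

Running the rename from the thread yields cn=Stefan Zoerner,dc=labeo,dc=de with uid still on the entry. Renaming it back to uid=szoerner with deleteoldrdn set to 1 is refused by this model, because removing the only cn value would violate the MUST of person; that is the check a real server applies regardless of any additional naming-attribute policy.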