Thanks very much Alex and Stefan for your comments and tests!
<snip/>
2) Regarding missing attributes
2-a)
If we have an RDN with an attribute not declared as an attribute of
the entry, it should be rejected, as stated by RFC 2251 (4.7. Add
Operation):
"...
- attributes: the list of attributes that make up the content of the
entry being added. Clients MUST include distinguished values
(those forming the entry's own RDN) in this list,..."
Q: Is that ok with you to reject such entries?
I tried to add the following entry via a JNDI call:
dn: cn=Kate Bush,dc=example,dc=com
objectclass: top
objectclass: person
sn: Bush
(1) IBM Tivoli Directory Server 6.0 creates the entry, and adds the
missing cn attribute. The entry looks like this after creation:
<snip/>
(2) Sun Java System Directory Server 5.2 behaves the same.
(3) OpenLDAP 2.3 as well.
So at least these three servers do not reject such an entry. I
understand your cite from the RFC differently. But should we behave
other like major players (I assume Fedora and Red Hat behave like Sun
does).
With this last example, though, CN is allowed to be added by the schema,
I think, because it is a MAY attribute in person. In this case
ApacheDS will add the attribute, I think. It should, if I remember
correctly.
However we should get a naming violation if we try to add CN to an
entry that does not support a USER_APPLICATION attributeType used in
the RDN.
Alex
Yeah, I agree: if the entry's list of objectclasses (explicit or implied)
allows such an attribute, then it should be added to the entry.
Ok, great... I think I know what my weekend will be all about :)
Emmanuel
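
The behaviour the thread converges on, as an added example (not ApacheDS code and not part of the original messages): a missing RDN value is added when the entry's objectClasses allow that attribute type, and the add is refused with a naming violation otherwise. The `ALLOWED` schema table, the class and method names, and the `ou=Music` entry are constructed for illustration; only standard JNDI classes are used and no server is contacted.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class RdnAttributeCheck {
    // Constructed, simplified schema: attribute types (MUST and MAY together)
    // that each objectClass allows. A real server reads this from its schema.
    static final Map<String, Set<String>> ALLOWED = Map.of(
        "top", Set.of("objectclass"),
        "person", Set.of("sn", "cn", "userpassword", "telephonenumber", "seealso", "description"));

    // Returns the entry with any missing RDN value added; throws when the
    // entry's objectClasses do not allow the attribute type used in the RDN.
    static Attributes completeFromRdn(String dn, Attributes entry) throws NamingException {
        Attribute oc = entry.get("objectclass");
        if (oc == null) throw new SchemaViolationException("entry has no objectClass");
        Set<String> allowed = new HashSet<>();
        for (int i = 0; i < oc.size(); i++)
            allowed.addAll(ALLOWED.getOrDefault(oc.get(i).toString().toLowerCase(), Set.of()));

        LdapName name = new LdapName(dn);
        Rdn rdn = name.getRdn(name.size() - 1);   // leftmost RDN = the entry's own
        NamingEnumeration<? extends Attribute> it = rdn.toAttributes().getAll();
        while (it.hasMore()) {                    // one attribute per type in the RDN
            Attribute rdnAttr = it.next();
            String id = rdnAttr.getID();
            if (!allowed.contains(id.toLowerCase()))
                throw new InvalidNameException("naming violation: " + id + " not allowed by objectClasses");
            Attribute present = entry.get(id);
            if (present == null) { present = new BasicAttribute(id); entry.put(present); }
            // Exact value comparison only; attribute matching rules are not applied here.
            for (int i = 0; i < rdnAttr.size(); i++)
                if (!present.contains(rdnAttr.get(i))) present.add(rdnAttr.get(i));
        }
        return entry;
    }

    public static void main(String[] args) throws NamingException {
        Attributes kate = new BasicAttributes(true);   // true = ignore case of attribute IDs
        Attribute oc = new BasicAttribute("objectclass", "top");
        oc.add("person");
        kate.put(oc);
        kate.put("sn", "Bush");
        System.out.println(completeFromRdn("cn=Kate Bush,dc=example,dc=com", kate));
        try {   // constructed case: RDN type not allowed by top/person
            completeFromRdn("ou=Music,dc=example,dc=com", kate);
        } catch (InvalidNameException e) { System.out.println(e.getMessage()); }
    }
}
```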