I think either you mis-read the web page, or the author is confused. Looking at RFC 2253, it quotes X.501 which says:

    DistinguishedName ::= RDNSequence

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
        AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
        type   AttributeType,
        value  AttributeValue }

Note that a DN is defined as a SEQUENCE OF, not a SET OF. This means that in a DN the order is important. Within an RDN, which is defined as SET OF, the order is not important. Unfortunately, given the standard output formats for DN, it is hard to tell if you are seeing one RDN or multiple. In order to know, you have to look at the schema for the directory, if you can find it. :( Or hope that people read and follow the RFC very carefully (such as the examples in section 5).

Short answer: order counts.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA
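
The SEQUENCE OF / SET OF distinction from the message above, applied to DN comparison; this is an added example, not part of the original message. It assumes RFC 2253 string input with backslash escapes only (no quoted or `#hex` values) and exact, case-sensitive value matching; the sample DNs and the function names are constructed for illustration.

```python
# Added example: compare RFC 2253 DN strings using X.501 semantics.
# DN  = SEQUENCE OF RDN -> RDN order matters     (modelled as a tuple)
# RDN = SET OF AVA      -> AVA order is ignored  (modelled as a frozenset)

def split_unescaped(s, sep):
    """Split s on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])      # keep the escape pair intact
            i += 2
        elif s[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(s[i])
            i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return the DN as a tuple of frozensets of (type, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = set()
        for ava in split_unescaped(rdn, "+"):   # '+' joins AVAs of one RDN
            attr_type, _, value = ava.partition("=")
            # Assumption: values compared as exact strings; real matching
            # rules depend on each attribute's schema definition.
            avas.add((attr_type.strip().upper(), value))
        rdns.append(frozenset(avas))
    # An RFC 2253 string starts with the LAST element of the RDNSequence.
    return tuple(reversed(rdns))

def dn_equal(a, b):
    return parse_dn(a) == parse_dn(b)

def has_multivalued_rdn(dn):
    """True if any single RDN carries more than one attribute."""
    return any(len(rdn) > 1 for rdn in parse_dn(dn))

# Constructed sample DNs.
SWAPPED_RDNS = ("CN=J. Smith,O=Example Inc.,C=US",
                "O=Example Inc.,CN=J. Smith,C=US")
SWAPPED_AVAS = ("OU=Sales+CN=J. Smith,O=Example Inc.,C=US",
                "CN=J. Smith+OU=Sales,O=Example Inc.,C=US")
```

Any certificate or directory check that sorts or normalises RDN order before matching treats the first pair as equal, which X.501 does not.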