ldap attribute aliases
Andrew Tridgell
tridge at osdl.org
Sat Jan 15 01:57:26 GMT 2005
I've been looking into LDAP attribute aliases a little more, and have
some confusing results.

I initially thought that we should implement a general attribute alias
mechanism, which is pretty simple to do, as I thought they were common
in LDAP. For example "surname" is an alias for "sn" and "commonName"
is an alias for "cn".

The things that have me confused are:

- The w2k3 LDAP server doesn't seem to know about these standard
  aliases. A search for 'cn' works, but 'commonName' doesn't.

- w2k3 does know that distinguishedName is an alias for dn, and when
  you search for distinguishedName you get back an attribute with the
  name 'distinguishedName', which is what I would expect.

- I haven't found any other examples of working aliases on my w2k3
  box. Is this really the only one?

- When you search for 'commonName' in an OpenLDAP server you get back
  the attribute name 'cn', not 'commonName'. That seems very strange
  to me. Is that just an OpenLDAP bug? It seems to be quite strange
  from an API point of view, as it means that the application doing
  the query then has to know about the alias, which makes the alias
  quite useless. I would expect an LDAP server to return the name the
  client used, not a canonicalized name, but this is just me trying
  to apply common sense, not from reading the RFC.

What I suspect is happening is that the w2k3 LDAP server does not
support aliases at all, and that 'distinguishedName' is just an
operational attribute (one that is auto-generated when asked for).

Can anyone who is more familiar with LDAP confirm this for me? Jerry?
LukeH?

Cheers, Tridge
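
An added example, not part of the original post: a client-side sketch of what "the application has to know about the alias" means in practice when a server answers a 'commonName' request with 'cn'. The function names are hypothetical and the schema lines are a constructed sample in RFC 4512 attributeTypes syntax; attribute options such as ";lang-en" are not handled.

```python
import re

# Constructed sample of attributeTypes values (RFC 4512 syntax), not from the post.
SAMPLE_SCHEMA = [
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )",
    "( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch )",
]

# NAME is followed either by one quoted name or by a parenthesised list of them.
_NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")


def build_alias_map(schema_lines):
    """Map every name of an attribute type (lower-cased) to its first listed name."""
    canon = {}
    for line in schema_lines:
        m = _NAME_RE.search(line)
        if not m:
            continue  # definition without a NAME field
        names = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
        for name in names:
            canon[name.lower()] = names[0]
    return canon


def relabel(requested, entry, canon):
    """Re-key a returned entry by the attribute names the client asked for.

    'entry' is keyed by whichever name the server chose to return, so both
    sides are reduced to the canonical name before being matched up.
    """
    by_canon = {}
    for name, values in entry.items():
        by_canon[canon.get(name.lower(), name).lower()] = values
    result = {}
    for name in requested:
        key = canon.get(name.lower(), name).lower()
        if key in by_canon:
            result[name] = by_canon[key]
    return result


if __name__ == "__main__":
    aliases = build_alias_map(SAMPLE_SCHEMA)
    # Constructed reply: the client asked for commonName, the server said cn.
    print(relabel(["commonName", "surname"],
                  {"cn": ["Alice Example"], "sn": ["Example"]}, aliases))
```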