ldap attribute aliases

Howard Chu hyc at highlandsun.com
Sat Jan 15 07:09:45 GMT 2005

Luke Howard wrote:

>>- When you search for 'commonName' in an OpenLDAP server you get back
>>  the attribute name 'cn', not 'commonName'. That seems very strange
>>  to me. Is that just an OpenLDAP bug? It seems to be quite strange
>>  from an API point of view, as it means that the application doing
>>  the query then has to know about the alias, which makes the alias
>>  quite useless. I would expect an LDAP server to return the name the
>>  client used, not a canonicalized name, but this is just me trying
>>  to apply common sense, not from reading the rfc.

> That's a good question -- Howard?

This is by design, yes. The OpenLDAP server returns the canonical name 
for any attributeTypes that it recognizes. The guiding policy here is 
"be liberal in what you accept, but strict in what you produce."

   -- Howard Chu
   Chief Architect, Symas Corp.       Director, Highland Sun
   http://www.symas.com               http://highlandsun.com/hyc
   Symas: Premier OpenSource Development and Support

More information about the samba-technical mailing list