ldap attribute aliases
hyc at highlandsun.com
Sat Jan 15 19:02:10 GMT 2005
Simo Sorce wrote:
> Sorry if I insist Howard,
> I do not understand how youìre supposed to "help" older clients by
> returning a different attribute name.
> When I ask for 'commonName' I expect to have back 'commonName' not 'cn'.
> When I ask for 'cn' I expect to have back 'cn' not 'commonName'.
What if you ask for both in the same request? Do you expect to get the
same value returned twice, once with each name? That would be Bad, IMO,
because that would lead users/implementers to believe that they are two
separate attributes stored in two separate places, when in fact there is
If the server behaved as you propose, then one would be lead to expect
that it's OK to send a single Modify request to Replace each name with
separate values. Such a request would succeed, but only one of the
Replace's would be reflected in the result, and there would be no
explanation of what happened to the other. For the server to accept a
change but not actually store it (as would happen here) is a violation
of the directory model.
> I'm asking because I missed the reason why openLdap return s 'cn'
> instead of 'commonName'.
This has been discussed many times before, at great length. Ultimately
the answer is because doing so opens another can of worms that nobody
wants to be responsible for.
> If I get you right you're saying that newer application should never ask
> for "commonName" but only for "cn", I'm fine with that, but I do not
> understand how that relates with the name of the attribute returned by
> the server, if they are used to aid transition I think it should try to
> accomodate older applications by 'speaking' their language and returning
> the attribute name in the form they show to be using ...
You're welcome to submit an ITS requesting this feature. Perhaps you can
present a compelling enough argument to get the current position changed.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
More information about the samba-technical