ldap attribute aliases

Simo Sorce idra at samba.org
Sat Jan 15 19:35:05 GMT 2005

On Sat, 2005-01-15 at 11:02 -0800, Howard Chu wrote:
> Simo Sorce wrote:
> > Sorry if I insist Howard,
> > I do not understand how youìre supposed to "help" older clients by
> > returning a different attribute name.
> > 
> > When I ask for 'commonName' I expect to have back 'commonName' not 'cn'.
> > When I ask for 'cn' I expect to have back 'cn' not 'commonName'.
> What if you ask for both in the same request? Do you expect to get the 
> same value returned twice, once with each name? That would be Bad, IMO, 
> because that would lead users/implementers to believe that they are two 
> separate attributes stored in two separate places, when in fact there is 
> only one.

Well I expect the same as if you ask 2 times the same attribute, you get
back just one.
And in the case you asked it with both names, I expect to see it back
with the server preferred name.

> If the server behaved as you propose, then one would be lead to expect 
> that it's OK to send a single Modify request to Replace each name with 
> separate values. Such a request would succeed, but only one of the 
> Replace's would be reflected in the result, and there would be no 
> explanation of what happened to the other. For the server to accept a 
> change but not actually store it (as would happen here) is a violation 
> of the directory model.

No, I do not expect to see it coming down twice, and so I do not expect
to see applications misbehave that way.

Bu now I'm curious.
Actually, what happen if an application try to change both 'cn' and
'commonName' ?
On openLdap 2.2.13 it seem to accept the change and story only the last
So now I'm confused again: is there a violation of the directory model
in openLdap 2.2.13 ? :-)

> > I'm asking because I missed the reason why openLdap return s 'cn'
> > instead of 'commonName'.
> This has been discussed many times before, at great length. Ultimately 
> the answer is because doing so opens another can of worms that nobody 
> wants to be responsible for.

Sorry I didn't know it was a touchy argument, but the way openLdap
behaves now seem rather strange to me.

> You're welcome to submit an ITS requesting this feature. Perhaps you can 
> present a compelling enough argument to get the current position changed.

Wel,l if it will bother me enough I'll do, currently I prefer to get my
ldap server right, whatever "right" means in these cases :-)


Simo Sorce    -  idra at samba.org
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it

More information about the samba-technical mailing list