ldap attribute aliases
Simo Sorce
idra at samba.org
Sat Jan 15 19:35:05 GMT 2005
On Sat, 2005-01-15 at 11:02 -0800, Howard Chu wrote:
> Simo Sorce wrote:
> > Sorry if I insist Howard,
> > I do not understand how you're supposed to "help" older clients by
> > returning a different attribute name.
> >
> > When I ask for 'commonName' I expect to have back 'commonName' not 'cn'.
> > When I ask for 'cn' I expect to have back 'cn' not 'commonName'.
>
> What if you ask for both in the same request? Do you expect to get the
> same value returned twice, once with each name? That would be Bad, IMO,
> because that would lead users/implementers to believe that they are two
> separate attributes stored in two separate places, when in fact there is
> only one.
Well, I expect the same as if you ask for the same attribute 2 times: you get
back just one.
And in the case you asked for it with both names, I expect to see it back
with the server preferred name.
> If the server behaved as you propose, then one would be led to expect
> that it's OK to send a single Modify request to Replace each name with
> separate values. Such a request would succeed, but only one of the
> Replace's would be reflected in the result, and there would be no
> explanation of what happened to the other. For the server to accept a
> change but not actually store it (as would happen here) is a violation
> of the directory model.
No, I do not expect to see it coming down twice, and so I do not expect
to see applications misbehave that way.
But now I'm curious.
Actually, what happens if an application tries to change both 'cn' and
'commonName' ?
On openLdap 2.2.13 it seems to accept the change and store only the last
one.
So now I'm confused again: is there a violation of the directory model
in openLdap 2.2.13 ? :-)
> > I'm asking because I missed the reason why openLdap returns 'cn'
> > instead of 'commonName'.
>
> This has been discussed many times before, at great length. Ultimately
> the answer is because doing so opens another can of worms that nobody
> wants to be responsible for.
Sorry, I didn't know it was a touchy argument, but the way openLdap
behaves now seems rather strange to me.
> You're welcome to submit an ITS requesting this feature. Perhaps you can
> present a compelling enough argument to get the current position changed.
Well, if it bothers me enough I'll do it; currently I prefer to get my
ldap server right, whatever "right" means in these cases :-)
Simo.
--
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it
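
An added example, not part of the original message: a pre-submit check that folds attribute aliases to one canonical name and flags a Modify request that Replaces the same attribute under two names, the case discussed in the thread. The alias table, the function names and the sample request are assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical alias table: every name of an attribute type -> one canonical name.
ALIASES = {
    "cn": "cn", "commonname": "cn",
    "sn": "sn", "surname": "sn",
}

def canonical(name):
    """Attribute names are case-insensitive; unknown names map to themselves."""
    key = name.lower()
    return ALIASES.get(key, key)

def find_alias_conflicts(mods):
    """mods: list of (op, attr_name, values) making up one Modify request.
    Returns {canonical_name: [(index, name_used, values), ...]} for every
    attribute that is Replaced more than once under any of its names."""
    seen = defaultdict(list)
    for i, (op, name, values) in enumerate(mods):
        if op == "replace":
            seen[canonical(name)].append((i, name, values))
    return {attr: hits for attr, hits in seen.items() if len(hits) > 1}

def effective_result(mods):
    """Models the last-one-wins outcome reported in the thread."""
    state = {}
    for op, name, values in mods:
        if op == "replace":
            state[canonical(name)] = list(values)
    return state

def merge_requested(names):
    """Fold a requested-attribute list so each attribute appears once."""
    out = []
    for n in names:
        c = canonical(n)
        if c not in out:
            out.append(c)
    return out

# Constructed sample request: 'cn' and 'commonName' replaced with different values.
REQUEST = [
    ("replace", "cn", ["Alice Example"]),
    ("replace", "commonName", ["A. Example"]),
    ("replace", "mail", ["alice@example.org"]),
]

if __name__ == "__main__":
    for attr, hits in find_alias_conflicts(REQUEST).items():
        print("conflict on", attr, "->", [(i, n) for i, n, _ in hits])
    print("stored:", effective_result(REQUEST))
```

Running the check before sending the request surfaces the value that would otherwise be dropped without any error.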