ldap attribute aliases
idra at samba.org
Sat Jan 15 19:35:05 GMT 2005
On Sat, 2005-01-15 at 11:02 -0800, Howard Chu wrote:
> Simo Sorce wrote:
> > Sorry if I insist Howard,
> > I do not understand how youìre supposed to "help" older clients by
> > returning a different attribute name.
> > When I ask for 'commonName' I expect to have back 'commonName' not 'cn'.
> > When I ask for 'cn' I expect to have back 'cn' not 'commonName'.
> What if you ask for both in the same request? Do you expect to get the
> same value returned twice, once with each name? That would be Bad, IMO,
> because that would lead users/implementers to believe that they are two
> separate attributes stored in two separate places, when in fact there is
> only one.
Well I expect the same as if you ask 2 times the same attribute, you get
back just one.
And in the case you asked it with both names, I expect to see it back
with the server preferred name.
> If the server behaved as you propose, then one would be lead to expect
> that it's OK to send a single Modify request to Replace each name with
> separate values. Such a request would succeed, but only one of the
> Replace's would be reflected in the result, and there would be no
> explanation of what happened to the other. For the server to accept a
> change but not actually store it (as would happen here) is a violation
> of the directory model.
No, I do not expect to see it coming down twice, and so I do not expect
to see applications misbehave that way.
Bu now I'm curious.
Actually, what happen if an application try to change both 'cn' and
On openLdap 2.2.13 it seem to accept the change and story only the last
So now I'm confused again: is there a violation of the directory model
in openLdap 2.2.13 ? :-)
> > I'm asking because I missed the reason why openLdap return s 'cn'
> > instead of 'commonName'.
> This has been discussed many times before, at great length. Ultimately
> the answer is because doing so opens another can of worms that nobody
> wants to be responsible for.
Sorry I didn't know it was a touchy argument, but the way openLdap
behaves now seem rather strange to me.
> You're welcome to submit an ITS requesting this feature. Perhaps you can
> present a compelling enough argument to get the current position changed.
Wel,l if it will bother me enough I'll do, currently I prefer to get my
ldap server right, whatever "right" means in these cases :-)
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it
More information about the samba-technical