HI!
Thanks Steven and Howard for pointing out the relevant part in X.501.
Steven Legg wrote:
Michael Ströder wrote:
Looking at section 4.1.7.2. "Name Forms" in http://www.ietf.org/rfc/rfc4512.txt it's not really clear to me whether more than one name form may be associated with the same structural object class. I think it's possible (and I've implemented it that way in web2ldap) but the server I'm currently testing with disallows it.
X.500 seems to allow it. Consider X.501:2005, Clause 13.7.2:
"If different sets of naming attributes are required for entries of a given structural object class, then a name form shall be specified for each distinct set of attributes to be used for naming."
Our server also allows it, though we impose restrictions so that there is always only one possible name form that could apply to any given combination of RDN and structural object class.
Hmm, it would be interesting to test this whole stuff against different LDAP server implementations supporting DIT structure rules and name forms (and publishing these schema elements in subschema subentry).
Ciao, Michael.