Thanks Steven and Howard for pointing out the relevant part in X.501.
Steven Legg wrote:
Michael Ströder wrote:
> Looking at section 220.127.116.11. "Name Forms" in
it's not really clear to me
> whether more than one name form may be associated with the same
> structural object class. I think it's possible (and I've implemented
> it that way in web2ldap) but the server I'm currently testing with
> disallows it.
X.500 seems to allow it. Consider X.501:2005, Clause 13.7.2:
"If different sets of naming attributes are required for entries of a
given structural object class, then a name form shall be specified for
each distinct set of attributes to be used for naming."
Our server also allows it, though we impose restrictions so that
there is always only one possible name form that could apply to any
given combination of RDN and structural object class.
Hmm, it would be interesting to test this whole stuff against different
LDAP server implementations supporting DIT structure rules and name
forms (and publishing these schema elements in subschema subentry).