Pierangelo Masarati writes:
But IMO it's worth thinking about how to deal in slapd with the wording "MAY or MAY NOT include the RDN attribute(s)" found in RFC4511 today.
The more I re-read that sentence, the more I think OpenLDAP's slapd still behaves correctly (or, the spec is ambiguous). (...) unless the meaning of "ensure" requires the server to proactively modify the request to "ensure" it complies, simply analyzing it and returning an error code if it doesn't comply, IMHO, complies with the spec.
You are confusing the protocol request with the directory entry. The server does not modify the request. It acts on the request. The requested action includes to create a directory entry with the attributes mentioned in the request and some not mentioned in the request. The latter include the naming attributes if needed, and various operational attributes like createTimestamp.