Zhang Weiwu wrote:
I don't understand why 'c' do have the superior 'NAME'. We have another attribute defined as "Country String" which don't have any superior, which seems working fine. Why not OpenLDAP change 'c' definition to not to SUP name and stand on its own?
With respect to inheritance vs. specifying a syntax within the definition of an attribute, this is explicitly allowed by RFC4512.
With respect to 'c' being defined that way, that's how it's defined in RFC4519, in full compliance with RFC4512, since the "Country String" syntax is an exact subset of the "Directory String" syntax, which is the syntax of 'name'.
I agree right now the specification of 'c' is broken, which was probably caused by a limitation in current OpenLDAP software. I don't see much value in moving from one broken specification which allows interoperability (you can set the right values and you can exploit inheritance, but you can also set incorrect values) to another broken specification that breaks interoperability (you can only set the right values, but you lose inheritance). I'd rather fix (pardon, enhance) OpenLDAP to allow the right specification. That's why I ask you to file an ITS.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------