Re: Significance of name forms.
Howard Chu wrote:
Michael Ströder wrote:
> On 2015-04-30 13:37, Howard Chu wrote:
>> No. Name forms are only used when a DIT Structure Rule references them.
>
> Are you sure? If yes, then please point out what's missing herein:
PS: you should read X.501(1993) for the exact text, since LDAP must conform to
that spec. Section 12.6.
http://www.itu.int/rec/T-REC-X.501/en
Hmm...
In X.501(1993) and X.501(2010) it is simply assumed that there are *always*
DIT structure rules.
From X.501(1993) section 12.6.5 and X.501(2010) section 13.7.5:
"Each object and alias entry is governed by a single DIT structure rule"
But there's no text dealing with the LDAP implementation without governing
structure rule of an entry.
Also after re-reading X.501 it seems the diagram is correct.
This statement in my former posting is obviously corrent:
"You cannot use DIT Structure Rules without associated Name Forms."
Because connecting the governing with the superior structural rule cannot be
done without name forms.
> The governing structure rule might limit the set of possible
structural
> object classes in a part of a DIT but if absent or not applicable you
> can still limit to possible name form(s) for a chosen structural object
> class.
No, if there are no DIT structure rules then there are no constraints
whatsoever on the naming or placement of entries.
I did not find any text in X.501 or RFC 4512 which clearly says that.
Especially RFC 4512 makes DIT structure rules optional. Maybe I'm missing
something though.
I also vaguely remember having seen RFCs or I-Ds specifying name forms without
DIT structure rules. Which of course also is not a sufficient proof that name
forms apply without DIT structure rules though.
Please don't get me wrong. I just want to clarify this. Because the truly
optional use of DIT structure rules and name forms is a difficult and maybe
under-defined topic.
Ciao, Michael.
Attachments:
- smime.p7s (application/pkcs7-signature — 4.2 KB)