Stefan Palme wrote:
This is not a problem, just a question to understand the things "behind the scenes".
I am just playing around with some LDAP frontends helping the user to add the correct attributes depending on the selected objectclass(es) when creating new LDAP entries.
I have tried to add an entry with objectclass "account", which requires an attribute "userid" and may have some more attributes. After adding the entry with "userid=test", the LDAP tree contained an appropriate entry, but the attribute "userid" is named "uid" now.
Although I gave the entry an RDN with "userid=test", the RDN has also automagically changed to "uid=test".
Obviously, userid and uid are "the same" attribute, and here are my questions:
Yes, they are two NAMEs for the very same attribute type. Some schema-aware LDAP clients don't get this right, e.g. JXplorer. Use decent LDAP client software.
- The objectclass "account" is defined with "MUST userid" - but I can create an "account" entry either by giving it a "userid" attribute or by using "uid" - both work (I expected the "uid" approach to fail). Why?
'uid' and 'userid' represent the same attribute type.
Note that the server chooses which NAME to use in LDAP search responses. The clients have to be prepared to handle what the server returns.
- Where is the relationship between userid and uid defined?
In the attribute type description in the server's subschema subentry.
I've found some "attributetype" definitions in the schema files (namely NAME ('uid', 'userid')), but they are commented out. So is this relationship hardcoded in OpenLDAP's source code?
Yes, some schema descriptions are hard-coded.
If yes - is this a standard relationship also used by other LDAP servers?
Be prepared to find different schema descriptions on other LDAP servers. Use a decent schema browser to analyse the subschema subentry and test your client code with every LDAP server implementation you plan to support.
- Are there some more attribute pairs like userid/uid which are "interchangeable" in this way?
Sure. (Instead of "interchangeable" I'd say an attribute type has several NAME aliases.)
If yes, can I derive the list of such attributes from the schema files somehow? Or is there an RFC or something naming all such attributes?
Schema descriptions are spread across many RFCs, Internet-Drafts and other obscure docs. So just examine the subschema subentry of a server.
Ciao, Michael.
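
Added example (not part of the original thread, and not OpenLDAP's own code): one way to derive the list of NAME aliases from the attributeTypes values of a subschema subentry, and to compare attribute names by OID instead of by string. The sample values are constructed for illustration in RFC 4512 AttributeTypeDescription syntax; the helper names are hypothetical.

```python
import re

# Constructed sample of attributeTypes values, as read from a server's
# subschema subentry (e.g. a base-scope search on cn=Subschema in OpenLDAP).
SAMPLE_ATTRIBUTE_TYPES = [
    "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) "
    "DESC 'RFC4519: user identifier' EQUALITY caseIgnoreMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )",
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'common NAME of the entry' SUP name )",
    "( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC4519: last name' SUP name )",
    "( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive information' "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )",
]

# RFC 4512 fixes the field order: numeric OID first, then the optional NAME.
# Anchoring at the start keeps the word NAME inside a DESC string from matching.
_HEAD_RE = re.compile(
    r"^\(\s*(?P<oid>[0-9]+(?:\.[0-9]+)*)\s*"
    r"(?:NAME\s+(?:'(?P<single>[^']+)'|\(\s*(?P<multi>(?:'[^']+'\s*)+)\)))?"
)

def parse_names(description):
    """Return (oid, [names]) for one AttributeTypeDescription string."""
    m = _HEAD_RE.match(description.strip())
    if m is None:
        raise ValueError("not an attribute type description: %r" % description)
    if m.group("single"):
        names = [m.group("single")]
    elif m.group("multi"):
        names = re.findall(r"'([^']+)'", m.group("multi"))
    else:
        names = []  # NAME is optional; such a type is addressed by OID only
    return m.group("oid"), names

def build_alias_index(descriptions):
    """Map every lower-cased NAME to (oid, names); names are case-insensitive."""
    index = {}
    for description in descriptions:
        oid, names = parse_names(description)
        for name in names:
            index[name.lower()] = (oid, names)
    return index

def same_attribute(index, a, b):
    """True if both names are known and resolve to the same attribute type."""
    ea, eb = index.get(a.lower()), index.get(b.lower())
    return ea is not None and eb is not None and ea[0] == eb[0]

def aliased_types(index):
    """All attribute types that carry more than one NAME."""
    return sorted({tuple(names) for _, names in index.values() if len(names) > 1})
```

A client that builds this index from each server it talks to can accept whichever NAME the server returns in search results, without hard-coding pairs such as uid/userid.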