Hallvard B Furuseth wrote:
Surely an attribute with the Name and Optional UID syntax ought to be useful for this somehow, even if I can't think of how at the moment:-)
Heh, that's an easy trap to fall into. "Surely this thing is useful for *something*" No, it's not.
NameAndOptionalUID is only usable for referencing a specific entry from within an attribute of another entry. It is *not* usable for *naming* an entry.
That is, a DN optionally followed by #<bitstring> used to disambiguate several entries with the same "effective" DN. Maybe combined with an attribute with a copy of entries' entryUUID attribute, and an index on entryUUID. That's a unique ID which OpenLDAP generates for each entry, and which does not change even when the entry is renamed.
The UID part of NameAndOptionalUID *must* be the value of the x500UniqueID attribute of the referenced entry; you don't get to choose some other identifier for the purpose. You'll have to invent some other syntax for a NameAndUUID type...