Michael Ströder wrote:
Howard Chu wrote:
> Michael Ströder wrote:
>> On 2015-04-30 13:37, Howard Chu wrote:
>>> No. Name forms are only used when a DIT Structure Rule references them.
>> Are you sure? If yes, then please point out what's missing herein:
> PS: you should read X.501(1993) for the exact text, since LDAP must
> conform to
> that spec. Section 12.6.
In X.501(1993) and X.501(2010) it is simply assumed that there are
*always* DIT structure rules.
From X.501(1993) section 12.6.5 and X.501(2010) section 13.7.5:
"Each object and alias entry is governed by a single DIT structure rule"
But there's no text dealing with the LDAP implementation without
governing structure rule of an entry.
Name Forms are a component of DIT Structure Rules. If you don't use DIT
Structure Rules, then you don't have name forms either.
Also after re-reading X.501 it seems the diagram is correct.
This statement in my former posting is obviously corrent:
"You cannot use DIT Structure Rules without associated Name Forms."
Because connecting the governing with the superior structural rule
cannot be done without name forms.
>> The governing structure rule might limit the set of possible structural
>> object classes in a part of a DIT but if absent or not applicable you
>> can still limit to possible name form(s) for a chosen structural object
> No, if there are no DIT structure rules then there are no constraints
> whatsoever on the naming or placement of entries.
I did not find any text in X.501 or RFC 4512 which clearly says that.
Especially RFC 4512 makes DIT structure rules optional. Maybe I'm
missing something though.
A name form is only a primitive element of the full specification
required to constrain the form of the DIT to that
required by the administrative and naming authorities that determine the
naming policies of a given region of the DIT.
The remaining aspects of the specification of DIT structure are
discussed in 12.6.5.
12.6.5 defines DIT Structure Rules.
I also vaguely remember having seen RFCs or I-Ds specifying name forms
without DIT structure rules. Which of course also is not a sufficient
proof that name forms apply without DIT structure rules though.
Please don't get me wrong. I just want to clarify this. Because the
truly optional use of DIT structure rules and name forms is a difficult
and maybe under-defined topic.
It is completely defined. Name Forms have no meaning on their own. They
only have any significance when used in a DIT Structure Rule.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/