Re: Significance of name forms.

Howard Chu wrote: > Michael Ströder wrote: >> On 2015-04-30 13:37, Howard Chu wrote: >>> No. Name forms are only used when a DIT Structure Rule references them. >> >> Are you sure? If yes, then please point out what's missing herein: > > PS: you should read X.501(1993) for the exact text, since LDAP must > conform to > that spec. Section 12.6. > > http://www.itu.int/rec/T-REC-X.501/en Hmm... In X.501(1993) and X.501(2010) it is simply assumed that there are *always* DIT structure rules. From X.501(1993) section 12.6.5 and X.501(2010) section 13.7.5: "Each object and alias entry is governed by a single DIT structure rule" But there's no text dealing with the LDAP implementation without governing structure rule of an entry.

>> http://www.stroeder.com/img/LDAP_Schema_References.png Also after re-reading X.501 it seems the diagram is correct. This statement in my former posting is obviously corrent: "You cannot use DIT Structure Rules without associated Name Forms." Because connecting the governing with the superior structural rule cannot be done without name forms. >> The governing structure rule might limit the set of possible structural >> object classes in a part of a DIT but if absent or not applicable you >> can still limit to possible name form(s) for a chosen structural object >> class. > > No, if there are no DIT structure rules then there are no constraints > whatsoever on the naming or placement of entries. I did not find any text in X.501 or RFC 4512 which clearly says that. Especially RFC 4512 makes DIT structure rules optional. Maybe I'm missing something though.

I also vaguely remember having seen RFCs or I-Ds specifying name forms without DIT structure rules. Which of course also is not a sufficient proof that name forms apply without DIT structure rules though. Please don't get me wrong. I just want to clarify this. Because the truly optional use of DIT structure rules and name forms is a difficult and maybe under-defined topic.