Hi all,
This is not a problem, just a question to understand the things "behind the scenes".
I am just playing around with some LDAP frontends helping the user to add the correct attributes depending on the selected objectclass(es) when creating new LDAP entries.
I have tried to add an entry with objectclass "account", which requires an attribute "userid" and may have some more attributes. After adding the entry with "userid=test", the LDAP tree contained an appropriate entry, but the attribute "userid" is named "uid" now.
Although I gave the entry an RDN with "userid=test", the RDN has also automagically changed to "uid=test".
Obviously, userid and uid are "the same" attribute, and here are my questions:
1) The objectclass "account" is defined with "MUST userid" - but I can create an "account" entry either by giving it a "userid" attribute or by using "uid" - both work (I expected the "uid" approach to fail). Why?
2) Where is the relationship between userid and uid defined? I've found some "attributetype" definitions in the schema files (namely NAME ('uid', 'userid')), but they are commented out. So is this relationship hardcoded in OpenLDAP's source code? If yes - is this a standard relationship also used by other LDAP servers?
3) Are there some more attribute pairs like userid/uid which are "interchangeable" in this way? If yes, can I derive the list of such attributes from the schema files somehow? Or is there an RFC or something naming all such attributes?
Thanks and regards -stefan-
--On Wednesday, January 27, 2010 12:58 PM +0100 Stefan Palme palme@kapott.org wrote:
> Hi all,
> This is not a problem, just a question to understand the things "behind the scenes".
> I am just playing around with some LDAP frontends helping the user to add the correct attributes depending on the selected objectclass(es) when creating new LDAP entries.
> I have tried to add an entry with objectclass "account", which requires an attribute "userid" and may have some more attributes. After adding the entry with "userid=test", the LDAP tree contained an appropriate entry, but the attribute "userid" is named "uid" now.
userid is an alias for uid. Just like gn is an alias for givenName, etc. I suggest reading up further on schema definitions. These are all defined by RFCs, so as long as the directory server you are using is RFC compliant, you'll get the same behavior, regardless.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Stefan Palme wrote:
> This is not a problem, just a question to understand the things "behind the scenes".
> I am just playing around with some LDAP frontends helping the user to add the correct attributes depending on the selected objectclass(es) when creating new LDAP entries.
> I have tried to add an entry with objectclass "account", which requires an attribute "userid" and may have some more attributes. After adding the entry with "userid=test", the LDAP tree contained an appropriate entry, but the attribute "userid" is named "uid" now.
> Although I gave the entry an RDN with "userid=test", the RDN has also automagically changed to "uid=test".
> Obviously, userid and uid are "the same" attribute, and here are my questions:
Yes, they are two NAMEs for the very same attribute type. Some schema-aware LDAP clients don't get this right, e.g. JXplorer. Use decent LDAP client software.
> - The objectclass "account" is defined with "MUST userid" - but I can create an "account" entry either by giving it a "userid" attribute or by using "uid" - both work (I expected the "uid" approach to fail). Why?
'uid' and 'userid' represent the same attribute type.
Note that the server chooses which NAME to use in LDAP search responses. The clients have to be prepared to handle what the server returns.
> - Where is the relationship between userid and uid defined?
In the attribute type description in the server's subschema subentry.
> I've found some "attributetype" definitions in the schema files (namely NAME ('uid', 'userid')), but they are commented out. So is this relationship hardcoded in OpenLDAP's source code?
Yes, some schema descriptions are hard-coded.
> If yes - is this a standard relationship also used by other LDAP servers?
Be prepared to find different schema descriptions on other LDAP servers. Use a decent schema browser to analyse the subschema subentry and test your client code with every LDAP server implementation you plan to support.
> - Are there some more attribute pairs like userid/uid which are "interchangeable" in this way?
Sure. (Instead of "interchangeable" I'd say an attribute type has several NAME aliases.)
> If yes, can I derive the list of such attributes from the schema files somehow? Or is there an RFC or something naming all such attributes?
Schema descriptions are spread across many RFCs, Internet-Drafts and other obscure docs. So just examine the subschema subentry of a server.
Ciao, Michael.
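
Added example, not part of the original thread and not OpenLDAP code: a small Python parser that extracts the NAME aliases from attributeTypes values as published in a subschema subentry, then checks an objectclass's MUST list by attribute type rather than by literal name, which is why an "account" entry carrying "uid" satisfies "MUST userid". The sample values are constructed in RFC 4512 syntax, and the function names (parse_names, build_alias_map, missing_must) are hypothetical.

```python
import re

# Constructed sample: attributeTypes values as a server might publish them in
# its subschema subentry (RFC 4512 AttributeTypeDescription syntax).
SAMPLE_ATTRIBUTE_TYPES = [
    "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) "
    "DESC 'RFC4519: user identifier' EQUALITY caseIgnoreMatch )",
    "( 2.5.4.42 NAME ( 'givenName' 'gn' ) SUP name )",
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch )",
]

_OID = re.compile(r"^\(\s*([0-9]+(?:\.[0-9]+)*)")
# NAME is either a single quoted descriptor or a parenthesised list of them.
_NAME = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")


def parse_names(description):
    """Return (oid, [names]) for one AttributeTypeDescription string."""
    oid = _OID.match(description.strip())
    if oid is None:
        raise ValueError("no numeric OID: %r" % description)
    m = _NAME.search(description)
    if m is None:
        return oid.group(1), []          # NAME is optional in RFC 4512
    names = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
    return oid.group(1), names


def build_alias_map(descriptions):
    """Map every lower-cased NAME (and the OID) to the first listed NAME."""
    canonical = {}
    for d in descriptions:
        oid, names = parse_names(d)
        first = names[0] if names else oid
        for key in [oid] + names:
            canonical[key.lower()] = first
    return canonical


def missing_must(must, entry_attrs, canonical):
    """MUST attributes not present in the entry, compared by attribute type."""
    def norm(a):
        return canonical.get(a.lower(), a.lower())
    present = {norm(a) for a in entry_attrs}
    return [a for a in must if norm(a) not in present]


ALIASES = build_alias_map(SAMPLE_ATTRIBUTE_TYPES)
```

Against a live server the input would be the attributeTypes values read from its subschema subentry instead of the constructed list; a client that normalizes names this way also handles the server returning "uid" for an entry that was written with "userid".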