The UMich LDAP implementation doesn't make many assumptions about what
attribute types ("keywords") are used in DNs. If you use multi-valued
RDNs the slapd server may get confused, but I think the client library
handles those OK. Otherwise, you can use any types you wish.
However, I would highly recommend using well-known attribute types in
your DNs. If you ever need to interoperate with other servers and
clients, they will have an easier time with standard attributes. You
can do a lot with just the "cn" attribute if you think of it as a very
generic "name" attribute (which it is).
> The reason we believe that there is a potential problem with using
> unknown keywords are the LDAP routines operating on DNs (i.e.
> ldap_explode_dn() etc) which are probably aware of the set of known RDN
> attribute keys.
A quick grep shows me that the only routine inside the LDAP library that
knows about these favored attribute types is ldap_dn2ufn(), and it has
to so it can comply with the relevant RFC. I didn't look in slapd, but
we were fairly careful not to assume too much about what someone might
put in a DN.
-Mark
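
A type-agnostic DN splitter of the kind discussed above, as an added example that is not part of the original message and not the UMich library's code. `explode_dn` and `rdn_type` are hypothetical helpers, the DN is constructed sample input, and a multi-valued RDN (joined with `+`) is left as one component.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_RDN_LEN 128
/* Hypothetical helper, not libldap's ldap_explode_dn(). Splits dn at unescaped,
 * unquoted ',' or ';' with no attribute-type table. Returns count or -1. */
int explode_dn(const char *dn, char out[][MAX_RDN_LEN], int max_rdns)
{
    int n = 0, in_quotes = 0, len = 0;
    for (const char *p = dn; ; p++) {
        if (*p == '\0' || (!in_quotes && (*p == ',' || *p == ';'))) {
            if (*p == '\0' && n == 0 && len == 0) return 0;  /* empty DN */
            if (in_quotes || len == 0) return -1;  /* open quote, empty RDN */
            out[n++][len] = '\0';
            len = 0;
            if (*p == '\0') return n;
            continue;
        }
        if (len == 0 && *p == ' ') continue;       /* space after separator */
        if (n >= max_rdns) return -1;              /* more RDNs than slots */
        if (*p == '"') in_quotes = !in_quotes;
        if (*p == '\\') {                          /* keep escape pair whole */
            if (p[1] == '\0' || len + 2 >= MAX_RDN_LEN) return -1;
            out[n][len++] = *p++;
        }
        if (len + 1 >= MAX_RDN_LEN) return -1;
        out[n][len++] = *p;
    }
}

/* Lower-cased attribute type (text before the first '=') of an RDN. */
int rdn_type(const char *rdn, char *type, size_t size)
{
    const char *eq = strchr(rdn, '=');
    if (eq == NULL || eq == rdn || (size_t)(eq - rdn) >= size) return -1;
    for (const char *p = rdn; p < eq; p++)
        *type++ = (char)tolower((unsigned char)*p);
    *type = '\0';
    return 0;
}

int main(void)
{
    char r[8][MAX_RDN_LEN], t[32];  /* DN below is constructed sample input */
    int n = explode_dn("widget=Smith\\, J, building=B7; o=Example", r, 8);
    for (int i = 0; i < n && rdn_type(r[i], t, sizeof t) == 0; i++)
        printf("%-9s %s\n", t, r[i]);
    return n < 0;
}
```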