Re: question on DN, RFC 1779

Mark Smith (
Fri, 06 Sep 1996 09:37:54 -0700

Carl Binding wrote:
> We're starting to look into using LDAP and SLAPD as a directory service
> for some experimental project. One issue we're facing is the
> composition of a distinguished name (DN). RFC 1779 mentions 7
> standardized keywords which can be used in RDNs of a DN. (For the
> standard buffs, this choice probably stems from an interpretation of
> the annex B of recommendation X.521).
> The question now is as follows:
> -- where do we find out about the set of keywords that U-Mich's LDAP
> env. can digest?
> -- can we define new such "standardized keywords"? if so, how?
> ...

The UMich LDAP implementation doesn't make many assumptions about what
attribute types ("keywords") are used in DNs. If you use multi-valued
RDNs the slapd server may get confused, but I think the client library
handles those OK. Otherwise, you can use any types you wish.

However, I would highly recommend using well-known attribute types in
your DNs. If you ever need to interoperate with other servers and
clients, they will have an easier time with standard attributes. You
can do a lot with just the "cn" attribute if you think of it as a very
generic "name" attribute (which it is).

> The reason we believe that there is a potential problem with using
> unknown keywords are the LDAP routines operating on DNs (i.e.
> ldap_explode_dn() etc) which are probably aware of the set of known RDN
> attribute keys.

A quick grep shows me that the only routine inside the LDAP library that
knows about these favored attribute types is ldap_dn2ufn(), and it has
to so it can comply with the relevant RFC. I didn't look in slapd, but
we were fairly careful not to assume too much about what someone might
put in a DN.
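
Both caveats in the reply above (attribute types outside the RFC 1779 keyword table, and multi-valued RDNs) can be checked by a DN splitter that has no built-in knowledge of attribute types. The Python code below is an added example, not part of the original message or of the UMich LDAP library; the function names and the sample DN are constructed, every component is assumed to have the form type=value, and values are returned raw with quoting and escapes left undecoded.

```python
# Added example: split an RFC 1779 DN without knowing any attribute types,
# then report the two things the reply warns about.
RFC1779_KEYWORDS = {"CN", "L", "ST", "O", "OU", "C", "STREET"}  # RFC 1779, Table 1

def _split(text, separators):
    """Split on separators that are not backslash-escaped or inside quotes."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escaped pair together
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in separators and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if quoted:
        raise ValueError("unterminated quoted string in DN")
    parts.append("".join(buf))
    return parts

def explode_dn(dn):
    """Return a list of RDNs, each a list of (type, raw_value) pairs."""
    rdns = []
    for rdn in _split(dn, ",;"):
        avas = []
        for ava in _split(rdn, "+"):
            pieces = _split(ava, "=")
            if len(pieces) < 2 or not pieces[0].strip():
                raise ValueError("component is not type=value: %r" % ava)
            avas.append((pieces[0].strip(), "=".join(pieces[1:]).strip()))
        rdns.append(avas)
    return rdns

def audit_dn(dn):
    """List attribute types outside the RFC 1779 keywords and multi-valued RDNs."""
    rdns = explode_dn(dn)
    unknown = sorted({t for rdn in rdns for t, _ in rdn
                      if t.upper() not in RFC1779_KEYWORDS})
    return {"nonstandard_types": unknown,
            "multi_valued_rdns": [rdn for rdn in rdns if len(rdn) > 1]}

# Constructed sample DN (not from the original message).
SAMPLE_DN = r'CN=Smith\, Mark + UID=msmith, OU="Research, Labs"; O=Example Corp, C=US'

if __name__ == "__main__":
    print(audit_dn(SAMPLE_DN))
```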