Re: X.509 and the Directory

Ed Oskiewicz (
Mon, 16 Sep 1996 15:14:19 +0100


I am looking at the same problem and I would be grateful for the collective
wisdom of this mailing list. The immediate problem I have is how to compose
a suitable RDN. At the moment I have a people directory with entries like:

cn=Joe Bloggs+empid=xyz, ou=BT labs, o=bt, c=gb

For security I need to store certificates etc. in a separate directory but be
able to look up certificates associated with people in the main directory
(using employee id as a common key). If I create the certificate entries as

certid=....,ou=BT labs, o=bt, c=gb

then it seems to be difficult (impossible) to partition this as a separate
directory. If I do something like:

certid=....,ou=BT labs PKI, o=bt, c=gb
certid=....,subou=PKI, ou=BT labs, o=bt, c=gb

then mapping onto a separate directory is easier, but the naming seems clumsy
and artificial, not to mention that I am now inventing fictional components
of my company.

I guess the general issue here is how do you design the naming scheme if you
need multiple directories within one unit of an organization. Am I (I hope)
missing something obvious or is this really as awkward to do as I've made it


