RFC 2253 Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names

Section "3. Parsing a String back to a Distinguished Name" says the following:

distinguishedName = [name]                    ; may be empty string

name = name-component *("," name-component)

name-component = attributeTypeAndValue *("+" attributeTypeAndValue)

attributeTypeAndValue = attributeType "=" attributeValue

But I do not know if you can use the same attributeType several times; it might be in the RFC, but (sorry) I do not have the time to read through the full RFC.


On 10/6/05, Stefan Zoerner <stefan@labeo.de> wrote:
Hi Emmanuel!

Emmanuel Lecharny wrote:

> Hi Stefan,
> working late, I see ;)
I'm on my way to bed ...

> I have a question for you, which is not related to Softera, but addresses
> you as an experienced LDAP fellow.
> Are DNs like "ou=test+ou=test2,cn=whatever,..." allowed?
> Thanks a lot for any answer. (but a "NO" would be very cool ;)
I need to check it in the specs, but the bad news is that I was able to
create this entry

dn: ou=Judean Peoples Front+ou=Peoples Front of Judea,o=SevenSeas.org
objectClass: organizationalUnit
objectClass: top
ou: Peoples Front of Judea
ou: Judean Peoples Front

within my Tivoli Directory Server 6.0 instance (the first vendor I
tried). It is therefore almost certain that it is allowed by the
standards. But there are probably vendors who do not allow it (by schema
restrictions, for instance). E.g. Active Directory does not allow an
attribute as RDN, if it has multiple values within the entry (even one
of the values is not allowed).

More details to come, after sweet dreams != RFCs.
Greetings from Hamburg at night, Stefan
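
The grammar quoted at the top of this message, applied to the DNs from the thread (an added example, not part of the original mails and not any directory server's code). It assumes backslash escaping only: the quoted-string and #hex value forms and the ";" separator of RFC 2253 are not handled, and all function names are illustrative.

```python
import re

ESCAPE = re.compile(rb"\\([0-9A-Fa-f]{2})|\\(.)", re.S)  # \XX hex pair, or \c

def split_unescaped(text, sep):
    """Split on sep, skipping any character that follows a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\":
            if i + 1 >= len(text):
                raise ValueError("dangling backslash")
            buf.append(text[i:i + 2])  # keep the escape; unescape() decodes it
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Decode hex-pair escapes (UTF-8 octets) and single-character escapes."""
    def decode(m):
        return bytes([int(m.group(1), 16)]) if m.group(1) else m.group(2)
    return ESCAPE.sub(decode, value.encode("utf-8")).decode("utf-8")

def parse_dn(dn):
    """Return a list of RDNs, each a list of (attributeType, attributeValue)."""
    rdns = []
    for component in (split_unescaped(dn, ",") if dn else []):  # [name] may be empty
        rdn = []
        for ava in split_unescaped(component, "+"):
            pair = split_unescaped(ava, "=")
            if len(pair) != 2 or not pair[0].strip():
                raise ValueError("expected attributeType=attributeValue: %r" % ava)
            rdn.append((pair[0].strip(), unescape(pair[1].lstrip())))
        rdns.append(rdn)
    return rdns

def repeated_types(dn):
    """Attribute types used more than once inside a single name-component."""
    found = []
    for rdn in parse_dn(dn):
        types = [t.lower() for t, _ in rdn]
        found += sorted({t for t in types if types.count(t) > 1})
    return found
```

A successful parse shows only that the quoted productions place no restriction on repeating an attributeType inside one name-component; whether a given server accepts such an entry is a schema question, as in the Active Directory remark above. repeated_types() is the kind of check an application can run before it compares or indexes DNs on the assumption of one value per type.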