RFC 2253 Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
Section "3. Parsing a String back to a Distinguished Name" says the following :
distinguishedName = [name] ; may be empty stringbut i do not know if you can use several times the same attributeType, might be in the RFC but (sorry) I do not have the time to read through the full RFC.
name = name-component *("," name-component)
name-component = attributeTypeAndValue *("+" attributeTypeAndValue)
attributeTypeAndValue = attributeType "=" attributeValue
Emmanuel Lecharny wrote:
> Hi Stefan,
> working late, I see ;)
I'm on my way to bed ...
> I have a question for you, which is not related to Softera, but address
> your as an experienced Ldap fellow.
> Are DN like "ou=test+ou=test2,cn=whatever,..." allowed ?
> Thanks a lot for any answer. ( but a "NO" would be very cool ;)
I need to check it in the specs, but the bad news is that I was able to
create this entry
dn: ou=Judean Peoples Front+ou=Peoples Front of Judea,o=SevenSeas.org
ou: Peoples Front of Judea
ou: Judean Peoples Front
within my Tivoli Directory Server 6.0 instance (the first vendor I
tried). It is therefore almost certain, that it is allowed by the
standards. But there are probably vendors who do not allow it (by schema
restrictions, for instance). E.g. Active Directory does not allow an
attribute as RDN, if it has multiple values within the entry (even one
of the values is not allowed).
More details to come, after sweet dreams != RFCs.
Greeting from Hamburg at night, Stefan