Hi Emmanuel, IMO you are absolutely right (if I correctly understand RFC4512):
---------------------------------------------------------------------- 2.3.1. Relative Distinguished Names Each entry is named relative to its immediate superior. This relative name, known as its Relative Distinguished Name (RDN) [X.501], is composed of an unordered set of one or more attribute value assertions (AVA) consisting of an attribute description with zero options and an attribute value. *These AVAs are chosen to match attribute values (each a distinguished value) of the entry*. ---------------------------------------------------------------------- Stefan Emmanuel Lecharny wrote: > Hi, > > just a question : even if an entry contains the extensibleObject and > referral objectClass with a ref attribute, we still expect the RDN to be > one of the existing attribute in the entry, aren't we ? > > For instance, the following entry is invalid : > > dn: ou=RemoteUsers,ou=system > objectClass: top > objectClass: referral > objectClass: extensibleObject > ref: ldap://fermi:10389/ou=users,ou=system > ref: ldap://hertz:10389/ou=users,dc=example,dc=com > ref: ldap://maxwell:10389/ou=users,ou=system > > when the following one is valid : > > dn: ou=RemoteUsers,ou=system > objectClass: top > objectClass: referral > objectClass: extensibleObject > ref: ldap://fermi:10389/ou=users,ou=system > ref: ldap://hertz:10389/ou=users,dc=example,dc=com > ref: ldap://maxwell:10389/ou=users,ou=system > ou: RemoteUsers > > (the 'ou' attribute exists in the second entry, not in the first one) > > Thanks ! >
