On 15 févr. 2012, at 14:26, Emmanuel Lécharny wrote:
> Hi guys,
>
> let's suppose we have an entry like :
>
> dn: cn=john doe, ou=system
> objectclass: person
> cn: john doe
> sn: john doe
>
> Let's now suppose that we want to camel-case the cn to have an entry like :
>
> dn: cn=John Doe, ou=system
> objectclass: person
> cn: John Doe
> sn: john doe
>
> Currently ADS does not support such a modification : it considers that it's a
> modifcation of an entry on itself, and it's not allowed. (cn is case
> insensitive, so basically, it's really a modification on itself).
Here's the exact error message it returns:
> LDAP: error code 68 - Attempt to move entry onto itself.
The error message is the same whether we use the LDAP API or JNDI in Studio.
I tested the same thing on OpenLDAP and the modification is successful.
> Now, from the user PoV, this is a bit painful, because even if cn is case
> insensitive, the user wants to see the DN as he provided it (after the
> rename, he may expect dn: cn=John Doe, ou=system).
>
> So
>
> Q1 : should we allow such a rename ? (it will modify the RDN *and* the
> attribute)
From the server's POV, the value, once normalized, is exactly the same ('cn' is
case insensitive). So I understand the rejection.
Now, from a user's POV, it would be better if it worked.
So, I'd go +1.
> Q2 : if we modify the cn only, should the RDN be modified too ? (currently,
> ADS does modify the CN, but not the RDN)
+1 too.
Regards,
Pierre-Arnaud
> wdyt ?
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
