On 02-04-16 10:51:31 CEST, Howard Chu wrote:
> At its core, LDAP is simply a different front-end for the X.500 information
> model. A DN is a name that uniquely identifies an object in the X.500 name
> space. Practically speaking, a DN is a DN. In pure X.500, DNs are specified
> to be big-endian, most-significant component listed first. An X.500
> directory path follows the same convention as a Unix filesystem path in this
> regard. In LDAP, the convention is to display the DNs in the opposite order,
> but the semantic meaning of the DN is unchanged. The X.500 representation
>     /c=us/o=foo/ou=people/cn=joe
> specifies the exact same object as the LDAP DN
>     cn=joe,ou=people,o=foo,c=us

in other words, you mean that the X.500 presentation

    c=us,cn=John Doe

and the LDAP presentation

    cn=John Doe,c=us

have the exact same DER byte stream encoding? can you or anyone else
prove this? :-)

> To answer your question "is there a definition of how to transform X.500 DNs
> to LDAP representation?" the answer is yes, it's RFC 2253.

you mean (RFC 2253, 2.1)

    [...] the output consists of the string encodings of each
    RelativeDistinguishedName in the RDNSequence (according to 2.2),
    starting with the last element of the sequence and moving
    backwards toward the first.

with "backwards" being the key word? seems to make sense, i wasn't aware
of that before. thanks.

rj
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
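
The point discussed in this thread, as an added example that is not part of the original messages or of OpenSSL: one DER-encoded RDNSequence is rendered both in encoded order (the slash form) and in the reversed RFC 2253 order. The helper names and the sample Name are constructed for illustration; the sketch assumes short-form lengths, single-valued RDNs and values that need no RFC 2253 escaping.

```python
# Added example, not from the thread. Constructed sample Name: c=us, cn=John Doe.
# Assumptions: short-form DER lengths, single-valued RDNs, no RFC 2253 escaping.
OIDS = {b"\x55\x04\x06": "c", b"\x55\x04\x03": "cn"}  # 2.5.4.6 and 2.5.4.3

def tlv(tag, body):
    """Encode one DER TLV; short-form length only (body under 128 bytes)."""
    if len(body) >= 0x80:
        raise ValueError("long-form length not supported in this sketch")
    return bytes([tag, len(body)]) + body

def encode_name(rdns):
    """Encode [(oid_bytes, value), ...] as a DER RDNSequence, in the order given."""
    out = b""
    for oid, value in rdns:
        # AttributeTypeAndValue ::= SEQUENCE { OID, PrintableString }
        atv = tlv(0x30, tlv(0x06, oid) + tlv(0x13, value.encode("ascii")))
        out += tlv(0x31, atv)  # RDN ::= SET OF, one element here
    return tlv(0x30, out)

def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the short-form TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length >= 0x80 or end > len(buf):
        raise ValueError("unsupported or truncated TLV")
    return tag, buf[pos + 2:end], end

def decode_name(der):
    """Parse a DER RDNSequence into [(type, value), ...] in encoded order."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    rdns, pos = [], 0
    while pos < len(seq):
        _, rdn, pos = read_tlv(seq, pos)
        _, atv, _ = read_tlv(rdn, 0)
        _, oid, after_oid = read_tlv(atv, 0)
        _, value, _ = read_tlv(atv, after_oid)
        rdns.append((OIDS[oid], value.decode("ascii")))
    return rdns

def x500_string(der):
    """Slash form: RDNs in the order they appear in the encoding."""
    return "".join("/%s=%s" % rdn for rdn in decode_name(der))

def ldap_string(der):
    """RFC 2253 2.1: start with the last RDN and move backwards to the first."""
    return ",".join("%s=%s" % rdn for rdn in reversed(decode_name(der)))

SAMPLE = encode_name([(b"\x55\x04\x06", "us"), (b"\x55\x04\x03", "John Doe")])
```

Both strings come from the same 34 bytes; encoding the RDNs in the opposite order produces a different byte string, so the reversal belongs to the string presentation and not to the DER.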