> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Robert Joop

> On 02-04-16 10:51:31 CEST, Howard Chu wrote:
> > In LDAP, the convention is to display the DNs in the opposite order,
> > but the semantic meaning of the DN is unchanged. The X.500 representation
> >     /c=us/o=foo/ou=people/cn=joe
> > specifies the exact same object as the LDAP DN
> >     cn=joe,ou=people,o=foo,c=us

> in other words, you mean that the X.500 presentation c=us,cn=John Doe
> and the LDAP presentation cn=John Doe,c=us have the exact same DER byte
> stream encoding?

> can you or anyone else prove this? :-)

Remember that LDAP was originally only a front-end for ISODE, an actual
X.500 directory. The "ldapd" spoke LDAP on one side and DAP on the other
side. While the LDAP packets are BER-encoded, the DNs in those packets were
in string format. In X.500 a DN is encoded as a sequence of OIDs and values,
not as a sequence of strings. So of course, the answer to the question of
DER-encoding is "no!" But it was the job of the ldapd to translate between
forms.

> > To answer your question "is there a definition of how to transform X.500
> > DNs to LDAP representation?" the answer is yes, it's RFC 2253.
>
> you mean (RFC 2253, 2.1)
>
>    [...] the output consists of the string encodings of each
>    RelativeDistinguishedName in the RDNSequence (according to 2.2),
>    starting with the last element of the sequence and moving backwards
>    toward the first.
>
> with "backwards" being the key word?
>
> Seems to make sense, I wasn't aware of that before.
> thanks.

Yes, exactly. And for the X.500 definitions, I refer you to X.501 section
9.2 "Names in General":
        Each initial sub-sequence of the name of an object is also the name of
        an object. The sequence of objects so identified, starting with the
        root and ending with the object being named, is such that each is the
        immediate superior of that which follows it in the sequence.

And X.501 section 9.7 "Distinguished Names":
        The distinguished name of a given object is defined as that name which
        consists of the sequence of the RDNs of the entry which represents the
        object and those of all of its superior entries (in descending order).

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
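As an added illustration (not part of the thread or of any project's code), here is the RDNSequence from the example above rendered both ways: the slash-separated root-first X.500 presentation and the RFC 2253 string that walks the sequence "backwards". The sample names are constructed; the second one shows why the section 2.4 escaping matters, since an unescaped comma inside a value would otherwise be read back as an RDN boundary.

```python
# Added example: one X.500 Name (an RDNSequence, root first, leaf last)
# rendered as an X.500 string and as an RFC 2253 LDAP string. Both are
# presentations of the same sequence; neither is the DER encoding of the Name.
from typing import List, Tuple

RDN = List[Tuple[str, str]]   # e.g. [("cn", "joe")]; multi-valued RDNs allowed
Name = List[RDN]              # X.500 order: root first

# RFC 2253 section 2.4: characters that must be escaped inside a value.
_SPECIALS = set(',+"\\<>;')

def escape_value(value: str) -> str:
    """Escape one attribute value as RFC 2253 section 2.4 requires."""
    out = []
    for i, ch in enumerate(value):
        if ch in _SPECIALS:
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == len(value) - 1):
            out.append("\\ ")        # leading or trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")        # leading '#'
        else:
            out.append(ch)
    return "".join(out)

def rdn_to_string(rdn: RDN) -> str:
    """RFC 2253 section 2.2: the AVAs of a multi-valued RDN joined with '+'."""
    return "+".join(f"{t}={escape_value(v)}" for t, v in rdn)

def to_ldap_string(name: Name) -> str:
    """RFC 2253 section 2.1: start with the last RDN and move backwards."""
    return ",".join(rdn_to_string(rdn) for rdn in reversed(name))

def to_x500_string(name: Name) -> str:
    """Slash-separated, root-first presentation as written in the thread."""
    return "".join("/" + rdn_to_string(rdn) for rdn in name)

# Constructed sample: the object from the thread, root first.
JOE: Name = [[("c", "us")], [("o", "foo")], [("ou", "people")], [("cn", "joe")]]

# Constructed sample with a comma inside a value. Without 2.4 escaping the
# string "cn=Doe, John,c=us" would parse back as three RDNs instead of two.
DOE: Name = [[("c", "us")], [("cn", "Doe, John")]]

if __name__ == "__main__":
    print(to_x500_string(JOE))   # /c=us/o=foo/ou=people/cn=joe
    print(to_ldap_string(JOE))   # cn=joe,ou=people,o=foo,c=us
    print(to_ldap_string(DOE))   # cn=Doe\, John,c=us
```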

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]