Hi, I'm trying to understand LDAP and DNs a bit better. I had always
felt that:
/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=ian stokes-rees (1)
was what a DN "should look like", but having just read "RFC 1779 - A
String Representation of Distinguished Names" it seems that
CN=ian stokes-rees,L=OeSC,OU=Oxford,O=eScience,C=UK (2)
would be more accurate.
Where does the first DN string format come from? I know this is what is
used in Grid mapfiles, and certainly it is how one "normally" thinks of
reading these hierarchical things (with DNS names being the exception),
but RFC 1779 seems to state they should look like (2) rather than (1).
Cheers,
Ian
PS - Am I also right in understanding that attribute types (e.g. CN, L,
OU, O) are case insensitive, while attribute values (e.g. OeSC, Oxford,
UK) are case sensitive, or is this case insensitivity either explicitly
aliased or specified in the attribute type definition?
|