Re: [ldapext] why posixAccount MUST contain 'cn'?

Andrew Findlay <andrew.findlay@skills-1st.co.uk> Thu, 18 December 2014 09:53 UTC

Date: Thu, 18 Dec 2014 09:53:17 +0000
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
To: Luke Howard <lukeh@padl.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ldapext/v5VXHaVqoB9xWZJgbG0pUzsVtW4
Cc: Ldapext <ldapext@ietf.org>, Michael Ströder <michael@stroeder.com>, Jim Willeke <jim@willeke.com>
Subject: Re: [ldapext] why posixAccount MUST contain 'cn'?

On Thu, Dec 18, 2014 at 11:43:03AM +1100, Luke Howard wrote:

> The only issue might be that some clients reject entries that are missing “cn”.

That would be an error in itself, as even mandatory attributes can be
hidden by access control and the GECOS field is often empty in
/etc/passwd entries so it is clearly not essential.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
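
An added example, not part of the original message: a client-side mapping from a posixAccount search result to a passwd(5) line that treats a missing 'cn' (for instance, one hidden by access control) as an empty GECOS field instead of rejecting the entry. The function names and sample entries are constructed for illustration, and the gecos-then-cn fallback is a choice made for this example.

```python
# Added example. Attribute names follow RFC 2307; entries are constructed samples.
from typing import Optional

# Attributes a passwd(5) line cannot be built without.
NEEDED = ("uid", "uidNumber", "gidNumber", "homeDirectory")


def first(entry: dict, attr: str) -> Optional[str]:
    """Return the first value of attr, or None if it is absent or not visible."""
    wanted = attr.lower()
    for name, values in entry.items():
        # LDAP attribute names are case-insensitive.
        if name.lower() == wanted and values:
            return values[0]
    return None


def to_passwd_line(entry: dict) -> Optional[str]:
    """Map one posixAccount search result to a passwd(5) line.

    Returns None only when a field the passwd format itself needs is
    missing or malformed; a missing cn/gecos is not a reason to reject.
    """
    fields = {a: first(entry, a) for a in NEEDED}
    if any(v is None for v in fields.values()):
        return None
    for num in (fields["uidNumber"], fields["gidNumber"]):
        if not (num.isascii() and num.isdigit()):
            return None
    # GECOS: prefer gecos, fall back to cn, else leave it empty.
    gecos = first(entry, "gecos") or first(entry, "cn") or ""
    shell = first(entry, "loginShell") or ""
    parts = [fields["uid"], "x", fields["uidNumber"], fields["gidNumber"],
             gecos, fields["homeDirectory"], shell]
    # A ':' or newline inside a value would shift or add passwd fields.
    if any(":" in p or "\n" in p for p in parts):
        return None
    return ":".join(parts)


# Constructed sample: the entry as the directory stores it.
FULL = {"uid": ["alice"], "cn": ["Alice Example"], "uidNumber": ["1001"],
        "gidNumber": ["1001"], "homeDirectory": ["/home/alice"],
        "loginShell": ["/bin/sh"]}
# Constructed sample: the same entry as seen by a client that may not read cn.
CN_HIDDEN = {k: v for k, v in FULL.items() if k != "cn"}
```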