[ldapext] why posixAccount MUST contain 'cn'?

Michael Ströder <michael@stroeder.com> Sun, 14 December 2014 16:10 UTC


Is there any strong reason why auxiliary object class 'posixAccount' has
defined 'cn' as being a mandatory attribute?

I'd be in favour of relaxing this to MAY cn in RFC2307bis.

Also what's the distinction between 'cn' and 'gecos' in 'posixAccount'? It seems
most NSS LDAP clients use attribute 'cn' as gecos field today.

Ciao, Michael.