Re: overloading cn= in the DIT

Andrew Waugh <> Mon, 20 July 1992 02:40 UTC

Received: from by IETF.NRI.Reston.VA.US id aa09297; 19 Jul 92 22:40 EDT
Received: from NRI.NRI.Reston.Va.US by IETF.NRI.Reston.VA.US id aa09293; 19 Jul 92 22:40 EDT
Received: from by NRI.Reston.VA.US id aa16695; 19 Jul 92 22:43 EDT
Received: from by with local SMTP id <>; Mon, 20 Jul 1992 03:29:01 +0100
Received: from shark.mel.dit.CSIRO.AU by with Internet SMTP id <>; Mon, 20 Jul 1992 03:28:52 +0100
Received: from squid.mel.dit.CSIRO.AU by with SMTP id AA06647 (5.65c/IDA-1.4.4/DIT-1.3 for <>); Mon, 20 Jul 1992 12:29:00 +1000
Received: by squid.mel.dit.CSIRO.AU (4.1/SMI-4.0) id AA04836; Mon, 20 Jul 92 12:28:38 EST
Message-Id: <9207200228.AA04836@squid.mel.dit.CSIRO.AU>
To: ren <>
Cc: Andrew Waugh <>,
Subject: Re: overloading cn= in the DIT
In-Reply-To: Your message of "Mon, 20 Jul 92 12:06:18 +1000." <9207200206.AA00336@sicsds7.SICS.BU.OZ.AU>
Date: Mon, 20 Jul 92 12:28:38 +1000
From: Andrew Waugh <>

>> (ps I should make an honourable mention of ITAXA, which at least
>> looks at the object class of the returned entries _and_sorts_them_.
>> Way to go.)
>Yes, ITAXA has a nice grapical interface, but it still uses commonName
>for its searches on People, Devices, Networks etc.
>It will return any match not knowing if it is a real device/person/network..

I didn't say ITAXA was perfect, but that it was the first DUA that I
had seen which _sorts_ the information returned.

>The only current solution (i can think of at the moment) is to:
>1 - do a search using cn=
>2 - traverse the returned matched list
>    2a - check that each entry DOES NOT have a 
>         an attribute entry for some of the other types
>         (eg if you are searching for People, and the objectClass
>             attribute is "applicationProcess" you can then remove 
>             this entry)
>3 - Present list to user

You should be able to replace this with:
1 - do a search using cn= & objectClass=person.

This will return all entries which match the common name and are
of object class person (or any subclass of person, such as
organizationalPerson). See X.501 clause 9.4.3 Note 2.

This of course assumes that you are not working with some nitwit
who has defined their own object class 'nitwitPerson' which is not a
subclass of person!

andrew waugh