| Author | Messages | |
AD000001239
Posts:0
 | | 09/30/2005 2:48 AM |
| Looking at the AD schema, I'm seeing that distinguished name values are not
bound by any length restrictions. All AD API functions and interface
methods that accept DN values can accept values that are of arbitrary
length. Likewise, all such API functions and interface methods that return
DN values appear to do so by returning a buffer that's allocated on the heap
and which can be arbitrarily large in size. In all cases, a maximum size
limit doesn't seem to be imposed thru any sort of defined constant.
Is there a maximum DN size that's documented anywhere?
TIA,
Chuck
--
Chuck Chopp
ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com
RTFM Consulting Services Inc. 864 801 2795 voice & voicemail
103 Autumn Hill Road 864 801 2774 fax
Greer, SC 29651
"Racing to save lives"
The Leukemia & Lymphoma Society - Team in Training
http://www.active.com/donate/tntsc/tntscCChopp
Do not send me unsolicited commercial email.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| hcoleman
Posts:134
 | | 09/30/2005 1:26 AM |
| From AD's perspective, the RDN is "Some User" (or "cn=Some User"). It
does not include anything beyond that, such as OU or container paths.
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Chuck Chopp
Sent: Thursday, September 29, 2005 9:54 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Maximum distinguished name length?
Steve Patrick wrote:
> There is no hardcoded limitation on DN - there is a max 255 RDN length.
And just to verify how the term RDN is defined w/respect to AD [as
opposed to how it's defined w.r.t. eDirectory], the RDN value is the
partial distinguished name of an object that is relative to the AD
domain in which it is located. So, if the object's CN is "Some User"
and is located in an OU named "Our Users" located within the domain
"DC=MyDomain,DC=MyCompany,DC=COM", then the RDN is "CN=Some User,OU=Our
Users". Or, to put it another way, the RDN is all components of the
name from the "CN" up to but not including the first occurrence of a
"DC" component in the DN. This is correct, yes? | | | |
| AD000001239
Posts:0
 | | 09/30/2005 1:45 AM |
| Coleman, Hunter wrote:
> From AD's perspective, the RDN is "Some User" (or "cn=Some User"). It
> does not include anything beyond that, such as OU or container paths.
OK, I think that clears it up for me. From the Novell eDirectory point of
view, given that you can have a context handle set to any arbitrary location
in the tree, an RDN is simply the portion of the object's DN that is
relative to the current context. Think of it as being like having a current
working directory and referring to folders & files via relative file paths
instead of absolute file paths. AD lacks the concept of a current context
and so I can see how an RDN is defined differently w.r.t. AD.
| | | |
| tech4steve
Posts:17
 | | 09/30/2005 3:15 AM |
| There is no hardcoded limitation on DN - there is a max 255 RDN length.
steve
----- Original Message -----
From: "Chuck Chopp"
To:
Sent: Thursday, September 29, 2005 7:47 PM
Subject: [ActiveDir] Maximum distinguished name length?
Looking at the AD schema, I'm seeing that distinguished name values are
not bound by any length restrictions. All AD API functions and interface
methods that accept DN values can accept values that are of arbitrary
length. Likewise, all such API functions and interface methods that
return DN values appear to do so by returning a buffer that's allocated on
the heap and which can be arbitrarily large in size. In all cases, a
maximum size limit doesn't seem to be imposed thru any sort of defined
constant.
Is there a maximum DN size that's documented anywhere?
TIA,
Chuck
| | | |
| AD000001239
Posts:0
 | | 09/30/2005 3:55 AM |
| Steve Patrick wrote:
> There is no hardcoded limitation on DN - there is a max 255 RDN length.
And just to verify how the term RDN is defined w/respect to AD [as opposed
to how it's defined w.r.t. eDirectory], the RDN value is the partial
distinguished name of an object that is relative to the AD domain in which
it is located. So, if the object's CN is "Some User" and is located in an
OU named "Our Users" located within the domain
"DC=MyDomain,DC=MyCompany,DC=COM", then the RDN is "CN=Some User,OU=Our
Users". Or, to put it another way, the RDN is all components of the name
from the "CN" up to but not including the first occurrence of a "DC"
component in the DN. This is correct, yes?
| | | |
| listmail
Posts:824
 | | 10/05/2005 2:08 AM |
| See RFC2253 for definition of LDAP RDN.
Key parts being
In X.501 [2] the ASN.1 structure of distinguished name is defined as:
    DistinguishedName ::= RDNSequence
    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
        AttributeTypeAndValue
    AttributeTypeAndValue ::= SEQUENCE {
        type  AttributeType,
        value AttributeValue }
When converting from an ASN.1 RelativeDistinguishedName to a string,
the output consists of the string encodings of each
AttributeTypeAndValue (according to 2.3), in any order.
Where there is a multi-valued RDN, the outputs from adjoining
AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
character.
Basically, every piece separated by a comma or semicolon (i.e. not quoted or
escaped) is an RDN.
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Chuck Chopp
Sent: Friday, September 30, 2005 9:44 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Maximum distinguished name length?
Coleman, Hunter wrote:
> From AD's perspective, the RDN is "Some User" (or "cn=Some User"). It
> does not include anything beyond that, such as OU or container paths.
OK, I think that clears it up for me. From the Novell eDirectory point of
view, given that you can have a context handle set to any arbitrary location
in the tree, an RDN is simply the portion of the object's DN that is
relative to the current context. Think of it as being like having a current
working directory and referring to folders & files via relative file paths
instead of absolute file paths. AD lacks the concept of a current context
and so I can see how an RDN is defined differently w.r.t. AD. | | | |
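Added example, not part of the thread or any poster's code: the splitting rule from the RFC 2253 excerpt above (an RDN is each piece between unescaped, unquoted commas or semicolons, with '+' joining the parts of a multi-valued RDN), plus a check against the 255 RDN limit mentioned in the thread. The function names, the sample DN, and the choice to measure each value as written (escape characters included, so the check is conservative) are assumptions.

```python
# Added example: split an LDAP DN string into RDNs as the RFC 2253 excerpt describes.
MAX_RDN_VALUE_LEN = 255  # limit quoted in the thread; assumed to apply to the value


def _split_unescaped(text, separators):
    """Split on separator characters that are neither backslash-escaped nor quoted."""
    parts, current, in_quotes, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch in separators and not in_quotes:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    if in_quotes:
        raise ValueError("unterminated quoted value")
    parts.append("".join(current))
    return parts


def split_dn(dn):
    """Return a list of RDNs; each RDN is a list of (type, value) pairs."""
    rdns = []
    for rdn in _split_unescaped(dn, ",;"):
        pairs = []
        for atv in _split_unescaped(rdn, "+"):  # multi-valued RDN
            attr_type, sep, value = atv.lstrip().partition("=")
            if not sep or not attr_type:
                raise ValueError(f"malformed AttributeTypeAndValue: {atv!r}")
            pairs.append((attr_type.strip(), value))
        rdns.append(pairs)
    return rdns


def oversized_rdns(dn, limit=MAX_RDN_VALUE_LEN):
    """List (type, length) for every RDN value longer than the limit."""
    return [(t, len(v)) for rdn in split_dn(dn) for t, v in rdn if len(v) > limit]


# Constructed sample input, reusing the names from the thread.
SAMPLE_DN = r"CN=User\, Some+UID=suser,OU=Our Users;DC=MyDomain,DC=MyCompany,DC=COM"
```

Because the thread reports no fixed maximum for the whole DN, the check is applied per RDN only; code that stores DNs should size buffers from the actual length rather than a constant.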