Context
I'm trying to interact with an OpenLDAP server, and have some issues understanding the behavior of said server.
Note: I don't have admin rights on this server, I am just writing some code that tries to extract lists of users and groups from it.
The specific point about which I have a question:
When I run a query asking for attribute name, I get entries containing cn, sn and givenName, and no name attribute:
# sample output:
$ ldapsearch [options ...] "(|(objectClass=posixAccount)(objectClass=posixGroup))" name
...
# sample users:
dn: uid=id4321,ou=Users,dc=example,dc=com
cn: u1234
sn: Doe
givenName: John
dn: uid=id4322,ou=Users,dc=example,dc=com
cn: u2234
sn: Doe
givenName: Jane
dn: ...
# sample groups:
dn: cn=Domain Users,ou=Groups,dc=example,dc=com
cn: Domain Users
dn: cn=HR,ou=Groups,dc=example,dc=com
cn: HR
dn: ...
Question
I have tried to Google with limited success. I'm trying to head to RFCs but I don't know which one to read first.
I think I found the answer to my question:
- the attributes name, cn, sn and a bunch of other standard attributes are defined in RFC 4519
- an attribute type may have a supertype (for example: the definition of cn is ( 2.5.4.3 NAME 'cn' SUP name ), the definition of sn is ( 2.5.4.4 NAME 'sn' SUP name )), and if a search query queries for an attribute, the server may include in its response attributes whose supertype matches
- so querying for name may return results with a sn, cn, givenName and initials attribute
- the definition of "attribute types" and "supertype" is in RFC 4512
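The subtype rule described in the post, modelled as an added example that is not part of the original post: it parses attribute type descriptions in the `( OID NAME ... SUP ... )` notation and works out which attributes of an entry a request for `name` selects. The function names, the abbreviated schema lines and the sample entry are assumptions made for illustration.

```python
import re

# Attribute type descriptions in RFC 4512 notation. cn and sn are as quoted in
# the post; the rest are abbreviated (matching rules and syntax left out).
SCHEMA = [
    "( 2.5.4.41 NAME 'name' )",
    "( 2.5.4.3 NAME 'cn' SUP name )",
    "( 2.5.4.4 NAME 'sn' SUP name )",
    "( 2.5.4.42 NAME 'givenName' SUP name )",
    "( 2.5.4.43 NAME 'initials' SUP name )",
    "( 0.9.2342.19200300.100.1.1 NAME 'uid' )",
]
_DEF = re.compile(r"\(\s*(?P<oid>[\d.]+)\s+NAME\s+"
                  r"(?:'(?P<one>[^']+)'|\((?P<many>[^)]*)\))"
                  r"(?:.*?\bSUP\s+(?P<sup>[\w.-]+))?")

def load_schema(definitions):
    """Map every lowercased name and OID to (canonical name, supertype)."""
    index = {}
    for text in definitions:
        m = _DEF.match(text)
        if not m:
            raise ValueError(f"unparseable attribute type: {text!r}")
        names = [m["one"]] if m["one"] else re.findall(r"'([^']+)'", m["many"])
        for key in (m["oid"], *names):
            index[key.lower()] = (names[0], m["sup"])
    return index

def matches_request(attr, requested, index):
    """True if attr is the requested type or reaches it through its SUP chain."""
    target = index.get(requested.lower(), (requested, None))[0].lower()
    seen, current = set(), attr
    while current is not None and current.lower() not in seen:
        seen.add(current.lower())  # guards against a cyclic schema
        canonical, sup = index.get(current.lower(), (current, None))
        if canonical.lower() == target:
            return True
        current = sup
    return False

def select_attributes(entry, requested, index):
    """Keep the attributes of entry that a request for `requested` selects."""
    return {a: v for a, v in entry.items()
            if any(matches_request(a, r, index) for r in requested)}

INDEX = load_schema(SCHEMA)
# Constructed entry modelled on the first sample user in the post.
ENTRY = {"uid": ["id4321"], "cn": ["u1234"], "sn": ["Doe"], "givenName": ["John"]}

if __name__ == "__main__":
    print(select_attributes(ENTRY, ["name"], INDEX))
    print(select_attributes(ENTRY, ["cn"], INDEX))
```

Client code that filters or maps returned attributes by the exact name it requested will drop these subtype attributes, so it needs the same hierarchy lookup or an explicit list of `cn`, `sn`, `givenName` and `initials`.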