Description:
With CA Directory r12.0SP1, it is possible to control the order in which the attributes of a multi-valued RDN are returned. For example, if an entry has the RDN "serialNumber=0000001+cn=Craig Link", you can configure the directory to always return the serialNumber first and then the commonName.
Solution:
The Problem:
In the past, CA Directory used an Ingres RDBMS database for storing and retrieving attribute values. Ingres would return the values to the directory in a particular order. This meant that for a given LDIF load, no matter what updates had been made, the distinguished attributes that make up the RDN would always appear in the same order. Note that this order couldn't be defined by the customer. The point, however, is that the return order would be consistent.
With the introduction of r12.0SP1, CA Directory uses a proprietary datastore backend which is referred to as DXgrid. With r12.0SP1, the order of the attributes is dependent on where they happened to be found in the DXgrid .db file. This can cause issues for applications that don't adhere to RFC standards and rely on a particular order.
The Solution:
CA Directory r12.0SP1 has been modified to allow an ordering of attribute values, so that they can be returned in a specific order if they are listed in the entry's RDN. The order in which they appear in the DXgrid .at file (associated with the DSA's datastore) will control which attribute is displayed first in the RDN. This means that the order will now be undefined but at least consistent.
To Define The Order:
Please Note: For all commands listed below, please run them as user "dsa" on Unix/Linux.
A way of defining the order of the attribute values in the RDN is to 'handcraft' the .at file and do a frontend (i.e. ldapadd) load. To do this:
1. Take an empty datastore and add an entry via the front end that contains all the attributes you wish to define an order for.
2. Stop the DSA using the command "dxserver stop {dsaName}"
3. Open the '.at' file for the relevant datastore and rearrange the attributes in the order you see fit. Save the file after the edit.
   Make sure to leave the first 6 attributes alone as they are hardwired in the DSA.
   Please Note: If the '.at' file is already laid out in the order that you require, please close the file and then skip steps 4, 5 and 6 below.
4. Copy the '{dsaName}.at' file to a backup file named '{dsaName}.at_'.
5. Run the command 'dxemptydb {dsaName}' to empty the database.
6. Copy the file '{dsaName}.at_' over the new '{dsaName}.at' file.
7. Load your LDIF data using either 'dxmodify' or 'ldapadd'. It's important to load the data using these tools, and NOT DXloaddb.
8. Copy the resulting datastore '{dsaName}.db/{dsaName}.at/{dsaName}.oc' files to any other replica/peer servers that exist for the namespace.
9. Start the DSA using the command "dxserver start {dsaName}"
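A check that can be run after editing the '.at' file and before running dxemptydb, as an added example (not CA-supplied code): it confirms the first 6 lines are untouched, that the edit is a pure reordering, and optionally that one attribute is listed before another. It assumes the one-attribute-per-line "OID # name" layout shown on this page and that you kept a copy of the unedited file; the '.at.orig' file name and the six placeholder lines in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CA code). Assumes one attribute per line, "OID # name", as shown on this page.

# Print a .at file with trailing whitespace trimmed and blank lines dropped.
at_lines() {
    sed -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Print the line number of attribute NAME in FILE (empty if absent).
at_pos() {
    at_lines "$1" | grep -n "#[[:space:]]*$2\$" | head -n 1 | cut -d: -f1
}

# check_at_reorder ORIGINAL EDITED [FIRST SECOND]
# 0 = safe; 1 = first 6 lines changed; 2 = attribute set changed; 3 = FIRST not before SECOND.
check_at_reorder() {
    orig=$1; edited=$2; first=${3:-}; second=${4:-}
    # The first 6 attributes are hardwired in the DSA and must stay where they are.
    if [ "$(at_lines "$orig" | head -n 6)" != "$(at_lines "$edited" | head -n 6)" ]; then
        echo "FAIL: first 6 attributes differ from the original" >&2; return 1
    fi
    # The edit must be a pure reordering: no line dropped, added or mistyped.
    if [ "$(at_lines "$orig" | sort)" != "$(at_lines "$edited" | sort)" ]; then
        echo "FAIL: attribute set differs from the original" >&2; return 2
    fi
    # Optionally confirm the RDN order you want, e.g. sn before cn.
    if [ -n "$first" ] && [ -n "$second" ]; then
        a=$(at_pos "$edited" "$first"); b=$(at_pos "$edited" "$second")
        if [ -z "$a" ] || [ -z "$b" ] || [ "$a" -ge "$b" ]; then
            echo "FAIL: $first is not listed before $second" >&2; return 3
        fi
    fi
    return 0
}

# Demo on constructed files; the six leading lines are placeholders, not real DXgrid entries.
demo=$(mktemp -d)
printf '%s\n' '0.0.1 # hardwired1' '0.0.2 # hardwired2' '0.0.3 # hardwired3' \
    '0.0.4 # hardwired4' '0.0.5 # hardwired5' '0.0.6 # hardwired6' \
    '2.5.4.3 # cn' '2.5.4.4 # sn' > "$demo/democorp.at.orig"
{ head -n 6 "$demo/democorp.at.orig"; echo '2.5.4.4 # sn'; echo '2.5.4.3 # cn'; } > "$demo/democorp.at"
check_at_reorder "$demo/democorp.at.orig" "$demo/democorp.at" sn cn && echo "reorder looks safe"
```

A non-zero return means the edited file should be corrected before the datastore is emptied.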
Example:
Please Note: For all commands listed in this example, please run them as user "dsa" on Unix/Linux.
If you wanted your RDN to always be returned as "sn=value + cn=value"
- Create a new DSA (democorp) using the following command:
dxnewdsa -s 200 democorp 19389 o=democorp,c=au
NOTE: If you already have a DSA you can stop the DSA and run "dxemptydb dsaname" and restart the DSA
- Apply the following LDIF file to the democorp DSA via a frontend tool (e.g. DXmodify)
dxmodify -a -h HOSTNAME -p 19389 -f democorp.ldif
Contents of democorp.ldif
====================================================================
dn: o=DEMOCORP,c=AU
objectClass: organization

dn: ou=Support,o=DEMOCORP,c=AU
objectClass: organizationalUnit

dn: ou=Various,ou=Support,o=DEMOCORP,c=AU
objectClass: organizationalUnit

dn: cn=Tod WILCOX+sn=WILCOX,ou=Various,ou=Support,o=DEMOCORP,c=AU
objectClass: inetOrgPerson
cn: Tod WILCOX
sn: WILCOX
title: Financial Statistician
telephoneNumber: 918 8789
description: State Support
mail: [email protected]
postalAddress: 958 View Tech Rd$Lindisfarne TAS
postalCode: 7015
====================================================================
- Stop the DSA
% dxserver stop democorp
- Edit the DXHOME/data/democorp.at file by re-arranging the order of the attributes defined in your RDN
2.5.4.3 # cn
2.5.4.4 # sn
should be re-arranged to
2.5.4.4 # sn
2.5.4.3 # cn
NOTE: Do NOT change the order of the first 6 attributes in the .at file as the order for these attributes is hardwired in the DSA.
- Copy DXHOME/data/democorp.at to DXHOME/data/democorp.at_
- Run the following command to empty the democorp datastore
dxemptydb democorp
- Copy DXHOME/data/democorp.at_ to DXHOME/data/democorp.at
- Start your DSA
dxserver start democorp
- Load your data via front-end
dxmodify -a -h HOSTNAME -p 19389 -f democorp.ldif
- Run dxsearch to see that you get the correct order in the RDN
dxsearch -h HOSTNAME -p 19389 -b o=democorp,c=au -s sub "(sn=WILCOX)"
dn: sn=WILCOX+cn=Tod WILCOX,ou=Various,ou=Support,o=democorp,c=au
cn: Tod WILCOX
sn: WILCOX
objectClass: inetOrgPerson
title: Financial Statistician
telephoneNumber: 918 8789
description: State Support
mail: [email protected]
postalAddress: 958 View Tech Rd$Lindisfarne TAS
postalCode: 7015