Definitely, 'dn' and 'distinguishedName' are different things. The

former is a pseudo attribute type used internally by slapd to represent
the distinguished name of an entry and its existance should not be
visible.  The latter is an "abstract" attribute type that is not meant
to exist in practice except as supertype of other dn-valued types.
So, the definition of attribute type 2.5.4.49 has been changed to be
just distinguishedName.  Work on the OPENLDAP_DEVEL_SCHEMA branch will
treat pseudo attributes especially and will not be visible to the
clients.

diff --git a/servers/slapd/schema/core.schema b/servers/slapd/schema/core.schema
index 18d5430be43bcfb91a8788917d9e61705ceb231c..e88e9ebf19b9f085804f53b1eeb14578180b35ec 100644 (file)
--- a/servers/slapd/schema/core.schema
+++ b/servers/slapd/schema/core.schema
@@ -210,11 +210,17 @@ attribute ( 2.5.4.30 NAME 'supportedApplicationContext'
       EQUALITY objectIdentifierMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
 
-# Placed here because others derive from it
-# We had a dn definition in slapd.at.conf and Netscape lists both
-# names for that OID
+# Placed here because others derive from it.
 
-attribute ( 2.5.4.49 NAME ( 'distinguishedName' 'dn' )
+# We had a dn definition in slapd.at.conf and Netscape lists both
+# names for that OID.  This is wrong, 'dn' is used internally in slapd
+# as the name of a pseudo-attribute type that contains the
+# distinguished name of an entry.  On the other hand, the attribute
+# type distinguishedName is meant to be an "abstract" type and other
+# dn-valued attribute types derive from it.  So at most, 'dn' would
+# be a subtype of distinguishedName.
+
+attribute ( 2.5.4.49 NAME 'distinguishedName'
       EQUALITY distinguishedNameMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )