On Mon, 2012-04-02 at 12:12 +0200, denis.pinkas@xxxxxxxx wrote: > I would like to first point out that there is currently a lack of > standardization for the abbreviations used to represent these > attributes. > > Values like O= OU= CN= DC= , as far as I remember, only appear in an > informational annex of one standard (I don't recall which one). I don't recall any of the X.5xx standard defining a string representation of attribute values or DNs. LDAP, on the other hand does. Such names are part of the definitions of the attribute type. The work to bring LDAP schema elements into X.500 will enable the definition of LDAP names for for these. Note that LDAP can define more than one name for an attribute type (and other schema elements like object classes). X.500 itself does not use these names in protocol, unlike LDAP. When LDAP was simply a lightweight mechanism for accessing the X.500 Directory Service, the names were really a local matter between the client and the LDAP server, which acted as a translation between LDAP and DAP. However, the names need to be standardized for LDAP. best regards David ----- www.x500standard.com: The central source for information on the X.500 Directory Standard.