16.5.1. Name Forms

From clause 13.1.8 of ITU-T Rec. X.501 and Section 4.1.7.2 of RFC 4512:

name form: A name form specifies a permissible RDN for entries of a particular structural object class. A name form identifies a named object class and one or more attribute types to be used for naming (i.e., for the RDN). Name forms are primitive pieces of specification used in the definition of DIT structure rules.

In simplest terms, a name form is a schema definition that dictates which attribute types may make up the RDN of entries bearing a specific STRUCTURAL class.

To offer an example of this, consider the following UDDIv3 name form, per the 03-uddiv3.ldif file included with OpenDJ:

      nameForms: ( 1.3.6.1.1.10.15.1
         NAME 'uddiBusinessEntityNameForm'
         OC uddiBusinessEntity
         MUST ( uddiBusinessKey )
         X-ORIGIN 'RFC 4403' )

This name form states that any entry bearing the STRUCTURAL class uddiBusinessEntity MUST ONLY be designated using the uddiBusinessKey as the principal RDN attribute type, for example, "uddiBusinessKey=ABC123".

Alternatively, when devising custom name forms, it is possible to enforce the use of specific attribute types within multi-valued RDNs. Consider the following hypothetical name form:

      nameForms: ( 1.3.6.1.4.1.56521.999.98.15
         NAME 'cnOrgForm'
         OC groupOfUniqueNames
         MUST ( cn $ o ) )

This name form states that any entry bearing the STRUCTURAL object class groupOfUniqueNames MUST be named with a multi-valued RDN that uses both the cn and o attribute types, such as "cn=Auditors+o=Acme Audit Co".

Name forms also allow use of MAY clauses. Consider the following hypothetical name form, similar to the above:

      nameForms: ( 1.3.6.1.4.1.56521.999.98.16
         NAME 'cnOrgAltForm'
         OC groupOfUniqueNames
         MUST cn
         MAY o )

This name form enforces use of the cn RDN attribute type the same as before, but while it no longer requires use of o, it will not reject it when present. As such, either of the following RDNs is acceptable:

  • cn=Corporate Auditors
  • cn=Third Party Auditors+o=Acme Audit Co
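The MUST and MAY semantics described above can be expressed as a small checker. This is an added example, not code from OpenDJ or from the original page. It assumes attribute types are written as names rather than numeric OIDs, uses a simplified RDN split, and does not verify the entry's structural class; the function names are hypothetical.

```python
import re

# Definitions copied from the text above (cnOrgForm and cnOrgAltForm).
CN_ORG_FORM = """( 1.3.6.1.4.1.56521.999.98.15 NAME 'cnOrgForm'
    OC groupOfUniqueNames MUST ( cn $ o ) )"""
CN_ORG_ALT_FORM = """( 1.3.6.1.4.1.56521.999.98.16 NAME 'cnOrgAltForm'
    OC groupOfUniqueNames MUST cn MAY o )"""

def parse_name_form(definition):
    """Extract the OC, MUST and MAY fields of a name form definition."""
    body = re.sub(r"'[^']*'", "''", definition)  # blank out quoted strings
    def field(keyword):
        # A field holds one descriptor/OID or a parenthesised '$'-separated list.
        m = re.search(r"\s%s\s+(?:\(([^)]*)\)|([\w.;-]+))" % keyword, body)
        raw = (m.group(1) or m.group(2) or "") if m else ""
        return {t.strip().lower() for t in raw.split("$") if t.strip()}
    return {"oc": field("OC"), "must": field("MUST"), "may": field("MAY")}

def rdn_types(rdn):
    """Attribute types used in an RDN; a '+' escaped as '\\+' is left in the value."""
    return {ava.split("=", 1)[0].strip().lower()
            for ava in re.split(r"(?<!\\)\+", rdn)}

def check_rdn(definition, rdn):
    """Return the violations of the name form; an empty list means the RDN conforms."""
    form, present = parse_name_form(definition), rdn_types(rdn)
    problems = ["missing required type: " + t for t in sorted(form["must"] - present)]
    allowed = form["must"] | form["may"]
    problems += ["type not permitted: " + t for t in sorted(present - allowed)]
    return problems

if __name__ == "__main__":
    for form, rdn in [(CN_ORG_FORM, "cn=Auditors+o=Acme Audit Co"),
                      (CN_ORG_FORM, "cn=Auditors"),
                      (CN_ORG_ALT_FORM, "cn=Corporate Auditors"),
                      (CN_ORG_ALT_FORM, "cn=Auditors+ou=Audit")]:  # constructed RDNs
        print(rdn, "->", check_rdn(form, rdn) or "conforms")
```
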

But, regardless of the permutations, a name form does little good in practice -- unless it is referenced by a DIT structure rule.