PingDS 7.5.0


Compares an assertion value of DN syntax to a value whose syntax is an ASN.1 DistinguishedName type.

The rule evaluates to TRUE if and only if the assertion value and the attribute value have the same number of RDNs, and the RDNs in the same position are the same. Two RDNs are the same if and only if they have the same number of attribute value assertions (AVA), and each AVA of the first RDN is the same as the AVA of the second RDN with the same attribute type, according to the equality matching rule for the attribute type. Order of AVAs is not significant. If one or more AVAs evaluate to Undefined, and the remaining AVAs evaluate to TRUE, then the distinguishedNameMatch evaluates to Undefined.




RFC 4517

Assertion syntax



Copyright © 2010-2024 ForgeRock, all rights reserved.