Re: OpenLDAP enhancements

[David J N Begley <david@avarice.nepean.uws.edu.au>]

On Wed, 11 Aug 1999, Kurt D. Zeilenga wrote:

> At 02:47 PM 8/12/99 +1000, David J N Begley wrote:
> >> Some LDAPv3 servers may provide some or all operational attribute types in
> >> the RootDSE without requiring it being listed, but some (like OpenLDAP)
> >> require that you explicitly request it.
> >Question - why?
> 
> RFC2251, 3.2.1:

Yeah, but RFC 2251 refers to RFC 2119 for interpreting compliance or
requirements words and neither "are not" nor "will not" are either capitalised
or treated in RFC 2119 (as the other phrases are throughout RFC 2251).

I'm not trying to be overly pedantic here, just trying to understand the
rationale for the OpenLDAP design decision.

> A number of vendors also return operational attribute types (such as
> objectclasses and attributetypes) without them being requested when
> searching subschema subentries.

Yes - but the RFCs don't appear to mandate that they can't, either;  just
tells clients not to expect them without explicitly nominating the attributes
they want.

> No.   If you are adding an entry, you know it's DN.  Hence, you can
[...]
> or the entry at the root of the namingContext which will hold the entry.

Fair enough, thanks.

> In particular, the subschemasubentry for a specific entry may not be
> listed in the RootDSE of the contacted server.  However, other subschema
> subentries may be listed in the RootDSE.  This can occur when the entry is
> not mastered by the contacted server and the master server did not provid
> the slave server with the subschema for the entry.

Much better, thanks.  ;-)


dave