Re: RFC2253bis: "a published table"
If you are stating that attribute type names that are NOT in the table MUST NOT be used in DNs, rather, that the associated OBJECT IDENTIFIER be used, I think that this would break many existing implementations. Further, it all but requires that LDAP "clients" hold onto a "name" <-> OID mapping table of their own in order to build "proper" DNs for communication over "the wire".
The OS/390 LDAP server has this issue today because it already supports multiple naming contexts, each of which is backed by a different database implementation - and each implementation has its own, specific, schema. We have found that the "subschemasubentry" attribute in the rootDSE, even though it is multi-valued, provides "ambiguous" data if multiple values are in that attribute - which value corresponds to which namingContext?
In the current OS/390 implementation, the server "chooses" what, in general, is the "more complete" schema, in order to "normalize" incoming distinguished names and determine which "namingContext/database" the request is really destined for.
I would like to see the issues of multiple namingContexts and differing schemas between them addressed much better in follow-on work to RFC 2251.
One idea that we've had is the following:
a) all servers are expected to publish the DN of the schema used to "route requests" (when multiple namingContexts are involved) as a SINGLE VALUE in the subschemasubentry attribute of the rootDSE
b) schemas for each namingContext can be found at DN: cn=schema, <namingContext>. These names can be found by looking at the subschemasubentry value returned from a base entry search of the <namingContext> entry - which are already accessible from the rootDSE.
c) publishing schema at a FIXED DN (like "cn=schema") is problematic when multiple LDAP servers exist in an environment/enterprise
Internal: Timothy Hahn/Endicott/IBM@IBMUS or IBMUSM00(HAHNT)
phone: 607.752.6388 tie-line: 8/852.6388
Sent by: owner-ietf-ldapbis@OpenLDAP.org
To: Mark Wahl <Mark.Wahl@sun.com>
Subject: Re: RFC2253bis: "a published table"
At 10:25 AM 11/1/00 -0600, Mark Wahl wrote:
>"Kurt D. Zeilenga" wrote:
>> RFC2253, 2.3 states:
>> If the AttributeType is in a published table of attribute types
>> associated with LDAP [4 (RFC2252)]....
>> What "published table" is being referred to? There is no table
>> in RFC2252 nor does the sentence appear to refer to the table
>> within the section.
>It refers to the table within the section.
That seems reasonable. I believe the language should be reworked
slightly for clarity. I suggest:
If the AttributeType is in the following table of attribute types
associated with LDAP [RFC2252], then the type name string from that
table is used, otherwise it is encoded as the dotted-decimal encoding
of the AttributeType's OBJECT IDENTIFIER. The dotted-decimal notation
is described in [RFC2251].
String X.500 AttributeType
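As an added example, not code from anyone in this thread: a Python encoder that applies the rule in the suggested text (type name from the published table, otherwise the dotted-decimal OID) together with the value escaping of RFC 2253 section 2.4, so a value containing "," or "+" cannot change the DN's structure. The OID-to-name table is RFC 2253's own, reproduced here because the page's copy is cut off; the function names and the input shape (attribute types given as OIDs, which is the client-side mapping burden Tim raises above) are my choices.

```python
import re

# The RFC 2253 section 2.3 table, keyed by OID (assumed from the RFC; the page's copy is truncated).
RFC2253_TABLE = {
    "2.5.4.3": "CN",
    "2.5.4.7": "L",
    "2.5.4.8": "ST",
    "2.5.4.10": "O",
    "2.5.4.11": "OU",
    "2.5.4.6": "C",
    "2.5.4.9": "STREET",
    "0.9.2342.19200300.100.1.25": "DC",
    "0.9.2342.19200300.100.1.1": "UID",
}

_OID_RE = re.compile(r"^[0-9]+(\.[0-9]+)+$")
_SPECIAL = set(',+"\\<>;')   # characters RFC 2253 2.4 requires to be escaped anywhere in a value


def type_string(oid: str) -> str:
    """Name from the published table if present, else the dotted-decimal OID (RFC 2253 2.3).

    Input must already be an OID: a client that only knows a short name such as 'mail'
    needs its own name<->OID mapping before it can build a wire-form DN.
    """
    if not _OID_RE.match(oid):
        raise ValueError(f"attribute type must be given as a dotted-decimal OID: {oid!r}")
    return RFC2253_TABLE.get(oid, oid)


def escape_value(value: str) -> str:
    """Escape an attribute value per RFC 2253 2.4: specials everywhere, leading space/'#', trailing space."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def encode_dn(rdns) -> str:
    """rdns: list of RDNs, each a list of (oid, value) pairs; multi-valued RDNs are joined with '+'."""
    return ",".join(
        "+".join(f"{type_string(oid)}={escape_value(v)}" for oid, v in rdn) for rdn in rdns
    )
```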