
Re: RFC2253bis: "a published table"




Kurt,

If you are stating that attribute type names that are NOT in the table MUST NOT be used in DNs, rather, that the associated OBJECT IDENTIFIER be used, I think that this would break many existing implementations.  Further, it all but requires that LDAP "clients" hold onto a "name" <-> OID mapping table of their own in order to build "proper" DNs for communication over "the wire".

The OS/390 LDAP server has this issue today because it already supports multiple naming contexts, each of which is backed by a different database implementation - and each implementation has its own, specific, schema.  We have found that the "subschemasubentry" attribute in the rootDSE, even though it is multi-valued, provides "ambiguous" data if multiple values are in that attribute - which value corresponds to which namingContext?

In the current OS/390 implementation, the server "chooses" what, in general, is the "more complete" schema, in order to "normalize" incoming distinguished names and determine which "namingContext/database" the request is really destined for.

I would like to see the issues of multiple namingContexts and differing schemas between them addressed much better in follow-on work to RFC 2251.

One idea that we've had is the following:

a) all servers are expected to publish the DN of the schema used to "route requests" (when multiple namingContexts are involved) as a SINGLE VALUE in the subschemasubentry attribute of the rootDSE
b) schemas for each namingContext can be found at DN: cn=schema, <namingContext>.  These names can be found by looking at the subschemasubentry value returned from a base entry search of the <namingContext> entry - which are already accessible from the rootDSE.
c) publishing schema at a FIXED DN (like "cn=schema") is problematic when multiple LDAP servers exist in an environment/enterprise

Regards,
Tim Hahn

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Endicott/IBM@IBMUS or IBMUSM00(HAHNT)
phone: 607.752.6388     tie-line: 8/852.6388
fax: 607.752.3681

Sent by:        owner-ietf-ldapbis@OpenLDAP.org

To:        Mark Wahl <Mark.Wahl@sun.com>
cc:        ietf-ldapbis@OpenLDAP.org
Subject:        Re: RFC2253bis: "a published table"



At 10:25 AM 11/1/00 -0600, Mark Wahl wrote:
>"Kurt D. Zeilenga" wrote:
>>
>> RFC2253, 2.3 states:
>>   If the AttributeType is in a published table of attribute types
>>   associated with LDAP [4 (RFC2252)]....
>>
>> What "published table" is being referred to?  There is no table
>> in RFC2252 nor does the sentence appear to refer to the table
>> within the section.
>
>It refers to the table within the section.

That seems reasonable.  I believe the language should be reworked
slightly for clarity.  I suggest:

  If the AttributeType is in the following table of attribute types
  associated with LDAP [RFC2252], then the type name string from that
  table is used, otherwise it is encoded as the dotted-decimal encoding
  of the AttributeType's OBJECT IDENTIFIER. The dotted-decimal notation
  is described in [RFC2251].

  String     X.500 AttributeType
  ------------------------------
  ...

Comments?
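As an added illustration (example code, not from this thread or any of the implementations discussed), here is a Python encoder for the rule quoted from RFC 2253 section 2.3: the short name is used when the attribute type's OID is in the published table, and the dotted-decimal OID is used otherwise. It relies on an assumed client-local name-to-OID map of exactly the kind the message above says clients would need, and it applies section 2.4 escaping so a ',' or '+' inside a value cannot be read as an additional RDN or AVA.

```python
from typing import Sequence, Tuple

# The RFC 2253 section 2.3 "published table": OID -> string name used in DNs.
RFC2253_TABLE = {
    "2.5.4.3": "CN", "2.5.4.7": "L", "2.5.4.8": "ST", "2.5.4.10": "O",
    "2.5.4.11": "OU", "2.5.4.6": "C", "2.5.4.9": "STREET",
    "0.9.2342.19200300.100.1.25": "DC", "0.9.2342.19200300.100.1.1": "UID",
}

# Assumed client-local name -> OID map (constructed for this example).
# 'mail' is deliberately included: it is a real type but is NOT in the table,
# so it must be emitted as a dotted-decimal OID.
NAME_TO_OID = {
    "commonname": "2.5.4.3", "cn": "2.5.4.3", "localityname": "2.5.4.7", "l": "2.5.4.7",
    "stateorprovincename": "2.5.4.8", "st": "2.5.4.8", "organizationname": "2.5.4.10",
    "o": "2.5.4.10", "organizationalunitname": "2.5.4.11", "ou": "2.5.4.11",
    "countryname": "2.5.4.6", "c": "2.5.4.6", "streetaddress": "2.5.4.9",
    "street": "2.5.4.9", "domaincomponent": "0.9.2342.19200300.100.1.25",
    "dc": "0.9.2342.19200300.100.1.25", "userid": "0.9.2342.19200300.100.1.1",
    "uid": "0.9.2342.19200300.100.1.1", "mail": "0.9.2342.19200300.100.1.3",
}

def _is_oid(s: str) -> bool:
    parts = s.split(".")
    return len(parts) >= 2 and all(p.isdigit() for p in parts)

def encode_type(attr: str) -> str:
    """Section 2.3 rule: table name if the OID is in the table, else the OID itself."""
    oid = attr if _is_oid(attr) else NAME_TO_OID.get(attr.lower())
    if oid is None:
        # A client with no OID for this name cannot build a conforming DN at all.
        raise ValueError(f"no OID known for attribute type {attr!r}")
    return RFC2253_TABLE.get(oid, oid)

_SPECIAL = set(',+"\\<>;')

def escape_value(value: str) -> str:
    """Section 2.4 escaping: specials, leading '#'/space, trailing space, non-printables."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            out.append("".join("\\%02X" % b for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)

def encode_dn(rdns: Sequence[Sequence[Tuple[str, str]]]) -> str:
    """rdns: most-specific RDN first; each RDN is a list of (type, value) AVAs."""
    return ",".join(
        "+".join(f"{encode_type(t)}={escape_value(v)}" for t, v in rdn) for rdn in rdns)
```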