
RE: When to not deref aliases



I believe that dereferencing is the default for X.500. I say this because I
believe the option dontDereferenceAliases was added to allow management of
the alias entry itself. If the default were never to dereference, I would
have expected the option to be dereferenceAliases.

As regards the bind, we always dereference aliases. You gain the ability to
allow multiple logins (for access control) for the one user, though we
haven't used this feature in practice.

If you don't take the default as being dereference, it seems you are saying
that alias entries are second-class entries.

Just my thoughts.

Ron.

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Wednesday, 17 January 2001 4:02
To: Jim Sermersheim
Cc: Ramsay, Ron; ietf-ldapbis@OpenLDAP.org
Subject: RE: When to not deref aliases


At 09:02 AM 1/16/01 -0700, Jim Sermersheim wrote:
>I don't think it's implied across the board.
>It's explicit for some operations.

Which is why I believe dereferencing is disallowed otherwise...

However, I agree that both interpretations are reasonable and
we need to get down to one interpretation.

When choosing one over the other, besides looking at the
technical merits of each, we should consider which interpretations
have been implemented and demonstrated interoperability.

In this case, I believe that aliases should not be dereferenced
in absence of an operation field (or control) specifying the behavior
is a reasonable interpretation, a sound technical approach, is
widely implemented, and has demonstrated interoperability.

Kurt