
RE: When to not deref aliases



I have just checked various X.500 standards and reached these conclusions:

1. dontDereferenceAliases was in the 1988 version.  A note there says it
does not apply to operations which modify an entry -- they are never
dereferenced.

2. In the 1993 and 1997 standards there is a note on each of Add, Modify,
Remove, and ModifyDN that dontDereferenceAliases is ignored and assumed to
be set.

3. The 1997 standards also add a useAliasOnUpdate critical extension to
allow the modifying operations to dereference aliases.

4. dontDereferenceAliases is honored by Read, List, Search and Compare, with
the default being to dereference.

5. Aliases are not directly mentioned in the context of a Bind operation,
but X.509 states that a simple bind password is validated using the Compare
operation to test the UserPassword attribute.  There is no mention of
disallowing alias dereferencing.

In summary, the X.500 defaults are that operations which read the directory
dereference aliases and those that modify the directory operate on the alias
entry itself.