
RE: When to not deref aliases



>>> "Salter, Thomas A" <Thomas.Salter@unisys.com> 1/17/01 7:44:23 AM >>>
<snip>
>
>In summary, the X.500 defaults are that operations which read the directory
>dereference aliases and those that modify the directory operate on the alias
>entry itself.

Using this generalized rule, I think the bind operation is still ambiguous as a number of LDAP server implementations both read (password) and update (password policy) the target object.

FWIW, I'd rather make LDAP explicitly state on all operations except bind that aliases are not dereferenced. If dereferencing is needed for other operations, a control can be used. My unconfirmed suspicion is as Kurt believes, that most LDAP vendors behave this way today. If that's not the case, hopefully those people will speak up.

Jim