[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: subschemaSubentry within the root DSE

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: subschemaSubentry within the root DSE
From: "Timothy Hahn" <hahnt@us.ibm.com>
Date: Mon, 12 Mar 2001 13:36:54 -0500
Cc: ietf-ldapbis@OpenLDAP.org
Importance: Normal

Kurt,

I agree with your proposed changes.

Further, I would suggest some sort of note that a common mechanism for determining the active schema(s) for a server is to query the subschemasubentry attribute for each of the naming context DNs that are found in the namingContexts attribute of the root DSE.

Regards,
Tim Hahn

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Endicott/IBM@IBMUS or IBMUSM00(HAHNT)
phone: 607.752.6388 tie-line: 8/852.6388
fax: 607.752.3681

Sent by: owner-ietf-ldapbis@OpenLDAP.org

To: ietf-ldapbis@OpenLDAP.org
cc:
Subject: subschemaSubentry within the root DSE

As discussed previously (LDAPext, LDAPbis lists), RFC 2251 Section 3.4 use of subschemaSubentry is significantly flawed.
The following attributes of the root DSE are defined in section 5 of [5]. Additional attributes may be defined in other documents. ... - subschemaSubentry: subschema entries (or subentries) known by this server.
The subschemaSubentry attribute, like all other subschemaSubentry, should provide the name of the entry (or subentry) containing the subschema controlling the entry. That is, the subschemaSubentry attribute contained in the root DSE should refer to the particular subschema subentry containing the subschema controlling the root DSE itself.
I note that 3.4 use calls for the subschemaSubentry to be used in a manner which is clearly inconsistent with the primary use of subschemaSubentry [and its description (as single-valued and directoryOperation)].
Hence, I suggest the following changes be made to RFC 2251:
The 3.4 text: - subschemaSubentry: subschema entries (or subentries) known by this server.
be replaced with: - subchemaSubentry: the name of the subschema entry containing the schema controlling the root DSE.
The 3.4 text: If the server does not master entries and does not know the locations of schema information, the subschemaSubentry attribute is not present in the root DSE. If the server masters directory entries under one or more schema rules, there may be any number of values of the subschemaSubentry attribute in the root DSE.
be deleted.
Section 6.2 text: The client can retrieve the subschema entries referenced by the subschemaSubentry attribute in the server's root DSE or in entries held by the server.
be replaced with: The client can obtain the name of the subschema entry (or subentry) controlling a particular entry by retrieve that entry's subschemaSubentry attribute.
These changes make the use of subschemaSubentry attribute consistent throughout the LDAP technical specification and with X.500.
The addition of a note that LDAP does not address the subschema chicken and egg problem (discovery of schema controlling a yet to be added entry at the root of a subschema administrative area) might be also be appropriate.
Kurt

Follow-Ups:
- Re: subschemaSubentry within the root DSE
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: subschemaSubentry within the root DSE
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: subschemaSubentry within the root DSE
Next by Date: RE: DN "published table" opinion
Index(es):
- Chronological
- Thread