[Date Prev][Date Next] [Chronological] [Thread] [Top]

other restrictions (RE: root dse search)

To: "Ramsay, Ron" <Ron.Ramsay@ca.com>
Subject: other restrictions (RE: root dse search)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 14 Mar 2001 23:53:57 -0800
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <A7E3A4B51615D511BCB6009027D0D18C1C38F0@aspams01.ca.com>

I'm going to break my reply in two as to separate two issues:
        - the filter
        - other restrictions
with the root dse.  This message responds to the other restrictions
portion of your reply.

Do you think the any of these "other" restrictions apply to
the root DSE?
  - administrative limits,
  - applicability to client's context (certain SASL mechanisms,
    controls, and extensions may only be visible when available), and
  - restrictions imposed by search controls.

I would think "there may be extremely large number of values
for certain operational attributes" (4.5.1) as the stated rational
for restricting the return of operational attributes clearly
applies to the root DSE.

At 03:56 PM 3/15/01 +1100, Ramsay, Ron wrote:
>I think that the 4.5.1 statement regarding the return of operational
>attributes was itself overridden in the case of the root DSE.

What in the TS leads you to this conclusion?
Is there something specific in the "core" RFC, X.501, or X.511
I've missed?

I believe one must take into account all relevant purposes of
the TS when interpreting a particular aspect of the TS.  I believe
section 4.5.1 is clearly relevant to search of the root DSE.
Without a specific statement in TS overriding these semantics
as it applies to section 3.4, I believe no requirement of 4.5.1
is overridden.

Kurt

References:
- RE: root dse search
  - From: "Ramsay, Ron" <Ron.Ramsay@ca.com>

Prev by Date: Re: ;binary and (supertypes of an attribute description)
Next by Date: filter (RE: root dse search)
Index(es):
- Chronological
- Thread