[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: objectclass matching rule

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: RE: objectclass matching rule
From: "Ramsay, Ron" <Ron.Ramsay@ca.com>
Date: Thu, 26 Jul 2001 13:33:32 +1000
Cc: Steve Miller <Steve.Miller@openwave.com>, ietf-ldapbis@OpenLDAP.org

Kurt,

I don't think 'user attribute' will do it. Certainly, it is the directory's
charter to hold and maintain user data, but how it does this is not
specified. X.500 doesn't specify the internal representation. I guess LDAP
could profile this issue by saying that the directory must be capable of
returning values in the same form as they were presented to the directory,
but ....

Ron.

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Thursday, 26 July 2001 11:42
To: Ramsay, Ron
Cc: Steve Miller; ietf-ldapbis@OpenLDAP.org
Subject: RE: objectclass matching rule

At 06:03 PM 7/25/2001, Ramsay, Ron wrote:
>Kurt,
>
>I would be interested is seeing where it is stated that an attribute with
>directory string syntax MUST have the exact value that was presented in the
>update. Do you have a reference?

Even with directory string there are likely issues due
to different charset choice and transliteration, such
when the server is an LDAPv3->LDAPv2 gateway.
My MUST assumed no transliteration was involved.  I
should have used octetString to remove transliteration
issues from entering into this.

I think the general rule, however, still holds true.
This comes from X.501, 8.1.2:
  user attribute: An attribute representing user information.

where user information is "placed in the Directory by, or on
behalf of, users; and subsequently administered by, or on
behalf of, users" (as opposed to administrative and operational
information which is "held by the Directory to meet various
administrative and operational requirements").

Kurt

Prev by Date: RE: objectclass matching rule
Next by Date: Re: StartTLS State Transition table
Index(es):
- Chronological
- Thread