[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Attribute Description Hierarchies and Policy Administration
Kurt,
Sounds OK to me.
Regards,
Tim Hahn
Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Endicott/IBM@IBMUS
phone: 919.224.1565 tie-line: 8/687.1565
fax: 919.224.2540
"Kurt D. Zeilenga"
<Kurt@OpenLDAP.org> To: ietf-ldapbis@OpenLDAP.org
Sent by: cc:
owner-ietf-ldapbis@O Subject: Attribute Description Hierarchies and Policy Administration
penLDAP.org
09/04/2002 01:18 PM
Steven Legg, Jim McMeeking, and I had a brief discussion regarding how
attribute descriptions hierarchies affect policy administration.
ldapbis-models was a bit unclear. We came up with the following
text for section 2.5.3 (replacing portions discussing subschema
and other policy administration) which should clarifying this.
For the purpose of subschema administration of the entry, a required
attribute requirement is fulfilled if the entry contains a value
of an attribute description belonging to an attribute hierarchy if
the attribute type of that description is the same as the required
attribute's type. That is, a "MUST name" requirement is fulfilled
by 'name' or 'name;x-tag-option', but is not fulfilled by 'CN' nor
by 'CN;x-tag-option'. Likewise, an entry may contain a value of
an attribute description belonging to an attribute hierarchy if the
attribute type of that description is either explicitly included
in the definition of an object class to which the entry belongs or
allowed by the DIT content rule applicable to that entry permits
it. That is, 'name' and 'name;x-tag-option' are allowed by "MAY
name" (or by "MUST name"), but 'CN' and 'CN;x-tag-option' are not
allowed by "MAY name" (nor by "MUST name").
For the purposes of other policy administration, unless stated
otherwise in the specification of particular administrative model,
all of the attribute descriptions in an attribute hierarchy are
treated as distinct and unrelated descriptions.
Comments?
Kurt