[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Continuation reference to root DN

To: <Mark.Wahl@sun.com>, "Jim Sermersheim" <jimse@novell.com>
Subject: Re: Continuation reference to root DN
From: d.w.chadwick@salford.ac.uk
Date: Thu, 21 Nov 2002 21:36:45 -0000
Cc: <mcs@netscape.com>, <ietf-ldapbis@OpenLDAP.org>, <Kurt@OpenLDAP.org>, <h.b.furuseth@usit.uio.no>
In-reply-to: <sddbfa9d.072@prv-mail20.provo.novell.com>

Date sent:      	Wed, 20 Nov 2002 20:50:11 -0700
From:           	"Jim Sermersheim" <jimse@novell.com>
To:             	<Mark.Wahl@sun.com>
Copies to:      	<mcs@netscape.com>, <ietf-ldapbis@OpenLDAP.org>, <Kurt@OpenLDAP.org>,
  	<h.b.furuseth@usit.uio.no>
Subject:        	Re: Continuation reference to root DN
Priority:       	non-urgent

> Well, at least one directory implementation has a real entry at the root of the global tree. Thus an alias could point to that entry. I guess that breaks the X.500 data model though and so is the problem of that implementation (it sure is handy to have a place to hang tree-wide policy though).
> 
> So, for the issue I brought up, let me ask if it's OK with the WG that we restrict referrals from pointing to the empty dn.
> 

Jim

I agree that subordinate references should be restricted to not be able to point 
to empty DNs. How can the root of the DIT be subordinate to something else. 
Clearly it cant!.

But an empty DN should be allowed in general, as this will be useful to point to 
superior references, eg as in a server holding an OU to point to the country 
server or org server.

regards

David

> Jim
> 
> >>> Mark Wahl <Mark.Wahl@sun.com> 11/20/02 05:48PM >>>
> 
> 
> Jim Sermersheim wrote:
> > 
> > Good point. 4.1.10 is broken when an alias points to the empty DN. One could
> > easily loop on this problem.
> 
> The requirements for continuation references were derived from those of 
> X.500 which tended to point 'across' or 'down'.  It would seem to me that 
> a referral to the root DSE for an operation that is not a baseObject search 
> or Modify on the root DSE would be a 'new feature'.  I don't know an 
> application of this feature that would warrant such a change being required
> to improve interoperability.  Do you know of such application needs?  If 
> so, let's discuss how it uses such referrals to other servers' root DSEs 
> before we discuss making a change to LDAP.  If there aren't, then it might
> be easier to just forbid such references from being created.
> 
> Mark Wahl
> Sun Microsystems Inc.
> 
> 
> 
>

References:
- Re: Continuation reference to root DN
  - From: "Jim Sermersheim" <jimse@novell.com>

Prev by Date: Re: Continuation reference to root DN
Next by Date: Re: Failed or Abandoned Bind operations
Index(es):
- Chronological
- Thread