[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: What Does De-Reference Mean?

To: Chris Harding <c.harding@opengroup.org>
Subject: Re: What Does De-Reference Mean?
From: David Chadwick <d.w.chadwick@salford.ac.uk>
Date: Sun, 30 Mar 2003 13:06:35 -0800
Cc: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, ietf-ldapbis@OpenLDAP.org, a.thackrah@opengroup.org, dif-members@opengroup.org
Organization: University of Salford
References: <5.1.0.14.1.20030326191027.00a882f8@mailhome.rdg.opengroup. org> <5.1.0.14.1.20030328155129.00ae2118@mailhome.rdg.opengroup.org>

Chris

I dont disagree with your interpretation, but it shows something that we
found out years ago in the Paradise project, that it is better to simply
search for surname rather than full name, as you are more likely to find
the person. This is because you dont know if the directory stores common
names as D.W.Chadwick, David Chadwick, Chadwick, D.W. etc. and all 3
were present in Paradise.

regards

david


Chris Harding wrote:
> 
> Hi, Kurt -
> 
> Thanks for this response. It clearly implies that if there is an entry
> "Jonathan Adams" and an alias entry "Jonny Adams" that points to it then:
> 
>     - a search for "Jonathan Adams" with alias dereferencing requested
>       should return the Jonathan Adams entry
> 
>     - a search for "Jonny Adams" with alias dereferencing requested
>       should not return either entry.
> 
> Does anyone disagree with this interpretation?
> 
> At 15:42 27/03/2003 -0800, Kurt D. Zeilenga wrote:
> >It should be clear that each and every entry returned in
> >response to a search request did match the search filter.  That
> >is, if the filter is (CN=foo) than each entry returned has "foo"
> >as a (not necessarily returned) value of an attribute whose
> >type is CN or a subtype of CN.
> >
> >When dereferencing during searching (by derefInSearching or
> >derefAlways), the filter should be matched against the entry which
> >the alias refers to, not the alias itself.
> >
> >If the client asks for all alias objects, e.g, (objectClass=alias)
> >with dereferencing during finding enabled, then no entries should
> >be returned.  Likewise, when requesting (objectClass=*) with
> >dereferencing during finding enabled, none of entries returned
> >should belong to the alias objectClass.
> >
> >So, to answer your specific question, it is not relevant to
> >the matching what values of CN the 'alias' has. The values
> >of the aliased entry are, however, quite relevant.
> >
> >Kurt
> >
> >
> >At 11:22 AM 3/26/2003, Chris Harding wrote:
> > >Hi -
> > >
> > >The interpretation of the LDAP RFCs as regards dereferencing has become
> > an issue for the new certification program that The Open Group plans to
> > launch for LDAP servers. We have discussed it in the Directory
> > Interoperability Forum, and agreed that we should ask the experts in the
> > ldapbis group. Accordingly, I would like to ask your help in clarifying
> > this issue.
> > >
> > >Here's the issue. The requirement in the specification is:
> > >
> > >       When a server receives a search request with the derefAliases field
> > >       set to derefInSearching then it will dereference aliases in
> > subordinates
> > >       of the base object in searching.
> > >
> > >We have a test suite for use in the certification program. The suite
> > includes a test of this requirement (which is in fact derived from a test
> > in BLITS). The test data includes two entries: Jonathan Adams and Jonny
> > Adams. The Jonny Adams entry is an alias for Jonathan Adams.
> > >
> > >The test should check that Jonny Adams is de-referenced and Jonathan
> > Adams is returned. The question is, should the test search for Jonny or
> > for Jonathan.
> > >
> > >RFC 2251 does not explain dereferencing but defers to X.501.
> > Unfortunately, X.501 does not seem to explain it very well. My personal
> > interpretation after reading it is that, whenever a server encounters an
> > alias entry in the course of a search and dereferencing has been
> > requested, the server should dereference the alias and carry on searching
> > from the entry that the alias points to. Under this interpretation, a
> > search for Jonny should return the same result as a search for Jonathan -
> > the Jonathan Adams entry.
> > >
> > >I don't claim to be an expert on the interpretation of the
> > specifications - but I hope that experts in the IETF community can shed
> > light on this!
> > >
> > >Please send your comments to the ldapbis list. I will report the
> > consensus (assuming that one is reached) to the DIF.
> > >
> > >Regards,
> > >
> > >Chris
> > >+++++
> > >
> > >========================================================================
> > >           Dr. Christopher J. Harding
> > >  T H E    Executive Director for the Directory Interoperability Forum
> > > O P E N   Apex Plaza, Forbury Road, Reading RG1 1AX, UK
> > >G R O U P  Mailto:c.harding@opengroup.org Phone: +44 118 902 3018
> > >           WWW: http://www.opengroup.org Mobile: +44 774 063 1520
> > >========================================================================
> > >
> > >            The Open Group's Consortia Services - Association Management
> > For I.T.:
> > >            http://www.opengroup.org/consortia_services
> > >
> > >========================================================================
> 
> Regards,
> 
> Chris
> +++++
> 
> ========================================================================
>             Dr. Christopher J. Harding
>    T H E    Executive Director for the Directory Interoperability Forum
>   O P E N   Apex Plaza, Forbury Road, Reading RG1 1AX, UK
> G R O U P  Mailto:c.harding@opengroup.org Phone: +44 118 902 3018
>             WWW: http://www.opengroup.org Mobile: +44 774 063 1520
> ========================================================================
> 
>              The Open Group's Consortia Services - Association Management
> For I.T.:
>              http://www.opengroup.org/consortia_services
> 
> ========================================================================

-- 
*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 01484 532930
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

begin:vcard 
n:Chadwick;David
tel;cell:+44 77 96 44 7184
tel;fax:+44 1484 532930
tel;home:+44 1484 352238
tel;work:+44 161 295 5351
x-mozilla-html:FALSE
url:http://www.salford.ac.uk/its024/chadwick.htm
org:University of Salford;IS Institute
version:2.1
email;internet:d.w.chadwick@salford.ac.uk
title:Professor of Information Security
adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England
note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500:  http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5
x-mozilla-cpt:;-4856
fn:David Chadwick
end:vcard

Follow-Ups:
- Re: What Does De-Reference Mean?
  - From: Chris Harding <c.harding@opengroup.org>

References:
- Re: What Does De-Reference Mean?
  - From: Chris Harding <c.harding@opengroup.org>

Prev by Date: Re: What Does De-Reference Mean?
Next by Date: Re: What Does De-Reference Mean?
Index(es):
- Chronological
- Thread