[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: which syntax for which assertions?

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: which syntax for which assertions?
From: Steven Legg <steven.legg@adacel.com.au>
Date: Mon, 10 May 2004 17:20:07 +1000
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <6.0.1.1.0.20040506193848.04e0a490@127.0.0.1>
References: <s09a9734.069@sinclair.provo.novell.com> <6.0.1.1.0.20040506193848.04e0a490@127.0.0.1>
User-agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.3.1) Gecko/20030425


Kurt,

Kurt D. Zeilenga wrote:

At 06:50 PM 5/6/2004, Jim Sermersheim wrote:

I can't find it documented which syntax (the attribute syntax or the
matching rule syntax) is used for which assertions in various
operations.

Well, I think the models and X.501 is pretty clear that value in an AVA is to conform to the assertion syntax, and an attribute value is to conform to syntax of the attribute type.

And I think [Protocol] is fairly clear as it uses AttributeValueAssertion
(AVA) and AssertionValue for the former and PartialAttribute (PA) and
AttributeValue for the latter.

I'll list what I think, but it may be wrong:
AVAs in: (A)ttr or (M)atchRule

s/AVA/AVA or PA/ here.

equality filter          M(of equality mr)
ge and le filters        M(of ordering mr)
substring filters        M(of equality mr)
extensible filter        M(of extensible mr)
compare                  M(of equality mr)
add/mod                  A(of equality mr)
DNs                      A(of equality mr)

DNs clearly are sequences of AVAs.


DNs are sequences of AttributeTypeAndValue, as given in draft-ietf-ldapbis-dn-xx.txt
and X.501:1993. IIRC, DNs were sequences of AVAs only in X.501:1988. Subsequent editions
have imposed a condition on naming attributes that their equality matching rules
have an assertion syntax identical to the attribute syntax, so that the distinction
isn't critical.

Regards,
Steven

So for example, a compare operation which specifies 'attributeTypes'
will send an 'OID' and not an 'Attribute Type Description'.

Yes.  The assertion syntax of the AttributeType's equality matching
rule is OID.

Whereas if
the same attribute were passed in an add operation, it would send an
'Attribute Type Description', rather than an 'OID'.

Yes, The attribute syntax of the AttributeTYpe is Attribute Type Description.

It's important to make this distinction because LDAP doesn't provide
syntax knowledge in AVAs.

In either cases (AVAs or PAs), one has to have schema knowledge to know
the assertion and attribute syntaxes of the attribute type.

If an AVA also carried with it the syntax used
for the assertion value, we could derive the 'OID' from the 'Attribute
Type Description' in the compare example above.  But because we don't
have this ability, we must state which syntax is used for each operation
so the server can know how to interpret it.

I don't follow this.  It's clear which attribute type is involved
and its clear from the context whether the value is an assertion
value or an attribute value.  So, with schema knowledge, the
syntax of value can be determined.

Kurt

References:
- which syntax for which assertions?
  - From: "Jim Sermersheim" <jimse@novell.com>
- Re: which syntax for which assertions?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: control combination was: Re: protocol-22 comments)
Next by Date: Re: control combination was: Re: protocol-22 comments)
Index(es):
- Chronological
- Thread