Re: LAST CALL: draft-ietf-ldapext-referral-00.txt
Tim
this document is fine apart from the following:
i) it does not support the X.500 NSSR model of chaining and
referrals, and is incompatible with the X.500 model for subordinate
reference chaining and referrals. This is because X.500 has unified
the chaining and referral techniques to be the same for both
reference types. LDAP presently only caters for subordinate
references and not NSSRs. The reason is as follows: X.500 passes the
name of the superior entry in the continuation reference or referral,
and informs the subordinate DSA to continue with the children below
this entry. LDAP on the other hand passes the name of the subordinate
entry in the referral, and informs the server to continue with this
entry. Consequently LDAP cannot cater for NSSRs, simply because the
names of the children are not known by the referencing server.
ii) section 5.3 on unnamed reference is misleading in my opinion. I
did send email to Mark (and ASID) in July 97 pointing out some
ambiguities (but I don't remember receiving a reply).
You state that this use of the ref attribute is similar to the
non-specific subordinate reference in X.500. But from my reading of
the current text it is quite different. In X.500, in the referencing
DSA, we know the DN of the entry holding the NSS reference (it is in
fact the name of the parent entry of the child naming contexts) but
we do not know the name of the child entry(ies) that is(are) pointed
to by the referencing DSA. In the LDAP unnamed reference, the DN of
the entry that the ref attribute is held in, is the ref attribute
itself, (which is not a usual DN, I suppose this is why you are
calling it an unnamed reference) but we do know the name of the entry
in the referenced DSA. The LDAP DN occurs in the referral of course!
So it is quite wrong to liken it to an NSSR. It is actually much more
like a cross reference (with optional indexing information), and it
might be better (and a lot clearer) if you redrew it that way i.e.

    Server A
    dn: o=abc,c=us
    ref:ldap://hostB/o=abc,c=us
    cn:babs
    cn:gern
    cn:bob

In your section 5.3 you are implying that you do not have
information that you actually do have i.e. the name of the referenced
entry. It is thus wrong to call it an unnamed reference, when as I
have shown above, the name of the reference is clearly known from the
referral itself.
I look forward to your response
David
***************************************************
David Chadwick
IT Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
Mobile +44 370 957 287
Email D.W.Chadwick@iti.salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
***************************************************