[Date Prev][Date Next] [Chronological] [Thread] [Top]

base referrals issue/idea?

To: ietf-ldapext@netscape.com
Subject: base referrals issue/idea?
From: Christopher Lukas <lukas@cs.wisc.edu>
Date: Mon, 31 Aug 1998 16:48:57 -0500
Organization: Internet Scout Project, University of Wisconsin-Madison
Resent-date: Mon, 31 Aug 1998 14:49:12 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"fouvk3.0.lS6.Kfnwr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

As there appears to be no archive, this may have been asked and
answered.  I suppose I should have asked about this at IETF, but I was
just thinking about an issue that could be in the referrals document
(which is now going to be split apparently).  

In draft-ietf-ldapext-referral-00.txt, several different examples for
named referrals are discussed.  It seems to me that one example might be
missing.  

Suppose I do a base search for something like: 

cn=Chris Lukas,o=UW,c=us

with a filter of (objectclass=*).

If I perform this search on the server that holds the "o=UW,c=us"
subtree (call it server 1), I'll obviously get the correct entry.  

Now, suppose I'm searching on a different server (call it server 2) than
the one that holds the "o=UW,c=us" subtree, but server 2 has a referral
entry for that "o=UW,c=us" entry that points to server 1.

I perform a subtree search with base of "o=UW,c=us" and filter of
"(cn=Chris Lukas)"; a referral is returned from server 2, and my client
contacts server 1 and gets the correct entry.

Now, suppose I perform a BASE search for "cn=Chris Lukas,o=UW,c=us" on
server 2.  Now, server 2 does not have a "cn=Chris Lukas,o=UW,c=us"
entry with or without a ref attribute in it.  This leads to my question,
what is server 2 going to return here?

According to RFC2251: "If the contacted server does not hold the base
object for the search, then it will return a referral to the client." 
What this referral is doesn't seem to be defined -- it could be the
"default referral" or it could be something else it seems.

I would argue that server 2, in the last example above, should notice
that, while it does not contain the "cn=Chris Lukas,o=UW,c=us" entry, it
DOES contain an "o=UW,c=us" entry and since the "o=UW,c=us" entry has a
"ref" attribute, it should return that referral.

The point of this is that it would be painful to put a referral for each
and every entry under "o=UW,c=us" into server 2, and the point (in my
mind) of having an "o=UW,c=us" entry in server 2 with a referral to
server 1 is to transparently send the client to the right place.  It
seems especially useful for server 2 to not simply refer the client to
some generic "I don't know" server because server 2 does, in fact, know
where the record is. 

I think that the document describe something like: "On a base search, if
the server does not hold the base object requested by the client but
does hold an entry with a 'ref' attribute for part of the DN of the
requested object, the server should return the referral from that
entry."

Does this make sense?  I would appreciate any clarification if I'm
misunderstanding something.

Thanks.

- Chris


------------------------
Christopher E. Lukas
Internet Scout Project 
http://scout.cs.wisc.edu

Prev by Date: RE: updated Signed Directory Operations Draft <draft-ietf-ldapext -sigops-02.txt>
Next by Date: Re: updated Signed Directory Operations Draft <draft-ietf-ldapext
Index(es):
- Chronological
- Thread