
Clarification of RootDSE information retrieval required



Apologies to anyone who may have seen this twice. I first posted
to the ietf-asid list but have reposted to ietf-ldapext as I am not
convinced about the coverage of the asid list anymore. Does
anyone listen to the asid list these days?

Following recent attendance at the DirConnect event held by the IDC
I require some clarification on how access to the RootDSE is
expected to take place.

I am aware that a number of parties expect to be able to search
for the details in the RootDSE by performing a BASE object search
on the root DN ("") specifying a filter of "objectClass=*" and defaulting
to 'information selection' of all attributes using a zero length
AttributeDescriptionList.

My understanding is that this is not correct. I will now draw on what I
think are the relevant sections of the relevant RFCs.

RFC 2251 states in par. 5 sect. 3.2.1:

  "Some attributes, termed operational attributes, are used by servers
   for administering the directory system itself.  They are not returned
   in search results unless explicitly requested by name.  Attributes
   which are not operational, such as "mail", will have their schema and
   syntax constraints enforced by servers, but servers will generally
   not make use of their values."

For the purposes here we can say that LDAP schema is defined by
RFC 2252; this RFC has section 5.2, which starts:

"5.2. LDAP Operational Attributes

   These attributes are only present in the root DSE (see [1] and [3]).

   Servers MUST recognize these attribute names, but it is not required
   that a server provide values for these attributes, when the attribute
   corresponds to a feature which the server does not implement."

To my mind the extract from RFC 2252 states that the basic set of
possible RootDSE attributes are operational attributes. This, in
conjunction with the extract from RFC 2251, means that if a search
is performed with a desire of reading those attributes considered to
be operational, then they must be requested explicitly by name.

Obviously an implementation may choose to store other attributes in
the RootDSE which are not operational. In this case a search such
as that stated at the beginning of this question would retrieve the
values of those attributes but not those listed in section 5.2 of RFC 2252.

So am I correct or have I missed something? If my reasoning is correct
can we expect to force client implementors to follow the letter of the
RFCs, or is some relaxation required to allow clients to treat the
RootDSE operational attributes as if they were not operational?

Thanks, Andrew.
------------------------------------------------------
Andrew Briscoe, i500  Designer Implementor
High Performance Systems Division, Manchester, England
Internet Mail:	a.r.briscoe@man05t1.wins.icl.co.uk
X.400 Mail:	a.r.briscoe@man05t1.x400.icl.co.uk
WWW:		www.i500directory.com
Tel:			+44 (0)161 223 1301
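The attribute-selection rule the post reasons about, as an added model that is not part of the original message and not any server's code: a constructed root DSE holding the RFC 2252 section 5.2 operational attributes plus a non-operational objectClass, and a function applying the RFC 2251 rule that operational attributes come back only when named in the AttributeDescriptionList. It goes one step beyond the post by also accepting "+" (all operational attributes), which the later RFC 3673 added as the answer to exactly this problem; the sample values are invented.

```python
"""Model of RFC 2251 attribute selection applied to a root DSE, showing
which attributes a base search on "" with (objectClass=*) actually returns."""

# Operational attributes that RFC 2252 section 5.2 places in the root DSE.
ROOT_DSE_OPERATIONAL = {
    "namingContexts", "altServer", "supportedExtension", "supportedControl",
    "supportedSASLMechanisms", "supportedLDAPVersion", "subschemaSubentry",
}

# Constructed sample root DSE (values are made up): four of the RFC 2252
# operational attributes plus a non-operational objectClass a server may store.
SAMPLE_ROOT_DSE = {
    "objectClass": ["top"],
    "namingContexts": ["o=ExampleOrg,c=GB"],
    "supportedLDAPVersion": ["2", "3"],
    "supportedSASLMechanisms": ["CRAM-MD5"],
    "subschemaSubentry": ["cn=schema"],
}

def select_attributes(entry, requested, operational=ROOT_DSE_OPERATIONAL):
    """Return the attributes a server sends for one entry, given the
    SearchRequest's AttributeDescriptionList:
      []  or ["*"] -> all user (non-operational) attributes (RFC 2251 4.5.1)
      names        -> exactly those attributes, operational ones included,
                      because they were "explicitly requested by name"
      "+"          -> all operational attributes (RFC 3673, later than the
                      RFCs in the post; included to show the eventual fix)
    Attribute names are matched case-insensitively."""
    oper_lower = {o.lower() for o in operational}
    by_lower = {name.lower(): name for name in entry}
    want_all_user = not requested or "*" in requested
    want_all_oper = "+" in requested
    selected = {}
    for name, values in entry.items():
        is_oper = name.lower() in oper_lower
        if (want_all_user and not is_oper) or (want_all_oper and is_oper):
            selected[name] = list(values)
    for req in requested:
        actual = by_lower.get(req.lower())
        if req not in ("*", "+") and actual is not None:
            selected[actual] = list(entry[actual])
    return selected

def root_dse_search(requested):
    """Base-object search on the root DN "" with filter (objectClass=*)."""
    return select_attributes(SAMPLE_ROOT_DSE, requested)

if __name__ == "__main__":
    print("empty list:", sorted(root_dse_search([])))
    print("by name   :", sorted(root_dse_search(["namingContexts", "supportedLDAPVersion"])))
```

The empty-list search described at the top of the post returns only objectClass from this sample; the RFC 2252 attributes appear only when named, or with "+" on servers that implement RFC 3673.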