[Date Prev][Date Next] [Chronological] [Thread] [Top]

Subschema management (was Abstract object class)

To: Jeff.Hodges@stanford.edu, ietf-ldapext@netscape.com
Subject: Subschema management (was Abstract object class)
From: David Chadwick <d.w.chadwick@iti.salford.ac.uk>
Date: Sat, 21 Nov 1998 17:47:19 +0000
In-reply-to: <199811210746.XAA29394@Wind.Stanford.EDU>
Organization: University of Salford
References: Your message of Thu, 05 Nov 1998 10:20:39 -0700
Resent-date: Sat, 21 Nov 1998 09:48:20 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"8RuEu1.0.lp1.YplLs"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Ed Reed wrote:

> > Note that even within administrative domains (corporations, for
> > instance) it's vital that departments and org units within the larger
> > namingContext have their own schema - it's unreasonable for the software
> > purchased by Sales in NYC to extend the schema for Engineering in Denver
> > when they have separate internal administrative domains with separate
> > administrators and namespaces.  But both still reside within the larger
> > corporate namingContext, and may need to be subject to a common
> > organizational schema onto which their schema extensions are laid.
> 

And Jeff added:

> I just want to simply "second" the above requirement statement. It's clear
> in our deployment at Stanford that such capabilities are needed. And
> replication needs to play into this also.
> 
> I wasn't aware of the "content rules" notion in X.500(93). Thanks to Ed,
> Erik, and Paul for the enlightening discussion.

If we want to keep in sync with the X.500 administrative model, then we cannot 
have inner administrative authorities for subschema, whereby departments add 
their own subschema definitions to their bits of the tree. The schema for the 
whole administrative domain (the organisation) must be held in a single 
subschema subentry. There are two solutions to this as I see it (using the 
existing X.500 model)

i) the organisation's naming context is partitioned into separate administrative 
domains for subschema management, and each domain can set its own 
subschema in its own subentry. In this case the common schema used by the 
whole organisation would only be held externally on paper somewhere, and not 
actually in the DIT.

ii) the organisation is not partitioned for subschema management, but the 
various departmental administrators are given access permissions to update 
the subschema subentry by adding their own definitions to it (note adding and 
not deleting!!). The new definitions do however apply to the whole organisation. 
In this case we have devolved management but global applicability.

On my reading of X.500, content rules on their own do not provide a solution, 
since these are held in the single subschema subentry.

David

***************************************************

David Chadwick
IT Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351  Fax +44 161 745 8169
Mobile +44 370 957 287
Email D.W.Chadwick@iti.salford.ac.uk
Home Page  http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm

***************************************************

Follow-Ups:
- Re: Subschema management (was Abstract object class)
  - From: Erik Skovgaard <eskovgaard@geotrain.com>

References:
- Re: Abstract object class
  - From: Jeff.Hodges@stanford.edu

Prev by Date: Re: Abstract object class
Next by Date: RE: http-digest authentication comments...
Index(es):
- Chronological
- Thread