[Date Prev][Date Next] [Chronological] [Thread] [Top]

modifying top

To: ietf-ldapext@netscape.com
Subject: modifying top
From: Bruce Greenblatt <bgreenblatt@dtasi.com>
Date: Sun, 13 Jun 1999 23:41:51 -0700
Resent-date: Sun, 13 Jun 1999 23:42:00 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"bQ7_AB.A.bJB.xQKZ3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Here's the explanation that I use for LDAP servers that modify the top
object class.  It may be a little convuluted, but it satisfies conformance
concerns (at least to me).

From my  perspective the LDAP servers only appear to modify the top object
class, but in reality they don't.  Let's use the Netscape DS as an example.
 All objects that are contained in the DS database have both the
objectClass attribute and the ACI attribute.  They get the objectClass
attribute from the top object class.  They get the ACI attribute by virtue
of the fact that every object created in DS also a member of the hidden
auxiliary object class netscapeTop.  This object class value is hidden
because nobody normally has sufficient access rights to see this particular
value of the objectClass attribute.  The netscapeTop auxiliary object class
has the one attribute type ACI.  Thus, Netscape hasn't modified top at all,
they've made use of the auxiliary object class mechanism in a very standard
way.

Bruce

Follow-Ups:
- Re: modifying top
  - From: David Chadwick <d.w.chadwick@iti.salford.ac.uk>

Prev by Date: Re: ActiveDirectory schema
Next by Date: Re: ActiveDirectory schema
Index(es):
- Chronological
- Thread