[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ActiveDirectory schema

To: Mark Wahl <M.Wahl@INNOSOFT.COM>
Subject: Re: ActiveDirectory schema
From: Ludovic Poitou <ludovic.poitou@france.Sun.COM>
Date: Mon, 14 Jun 1999 11:20:38 +0200
Cc: David Boreham <dboreham@netscape.com>, "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>, Rob Weltman <rweltman@netscape.com>, ietf-ldapext@netscape.com
Organization: Sun Microsystems Inc.
References: <28813.929311601@threadgill.austin.innosoft.com>
Resent-date: Mon, 14 Jun 1999 02:23:28 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"AmWohB.A.68D.JoMZ3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Mark,

Is there a standard way to publish the operational attributes
defined/used by the server ?
How can I guess that your server uses subtreeACL as a directory
Operational attribute and that I can retrieve it (provided I have
correct ACLS) ?

Ludovic Poitou.



Mark Wahl wrote:
> 
> > Mind you, surely one aci attribute (for which there's
> > a fairly good reason to add to "top") is less of
> > a crime than a whole page of random attributes ?
> 
> The only entities which can choose to add new attributes to an
> object class with top's OID is the ITU/ISO.  The ITU/ISO
> provide THREE different techniques that vendors/deployers are
> free to use that allow them to have additional attributes in
> all objects without violating the standards.  These include:
>  - the auxiliary object class (since 1988),
>  - schema content/structural rules (since 1993),
>  - operational attributes (since 1993)
> 
> For example, the Innosoft directory server product allows access
> control attributes to be present in entries, but does so by
> defining attributes such as subtreeACL as directoryOperational
> attributes that users (in particular administrators) can
> modify.  Operational attributes are not necessary to be part of
> any object class definition to be present in an entry.
> 
> It is impolite to break the ITU/ISO's spec by adding attribtes
> to an object class whose semantics are foreign to that object
> class'es definition.  If a vendor has a grievance with the way the
> object class is defined, they should present their complaint to
> the appropriate people writing the spec by filing a defect report form.
> (Your national standards body representative has contact details.)
> This would allow both sides to discuss the definition of the object
> class and perhaps agree on a new object class that would supplant
> the old one.
> 
> Mark Wahl, Directory Product Architect
> Innosoft International, Inc.

-- 
Ludovic Poitou
Sun Microsystems Inc.
Sun-Aol Alliance - Directory Group - Grenoble - France

Follow-Ups:
- Re: ActiveDirectory schema
  - From: Mark Wahl <M.Wahl@INNOSOFT.COM>

References:
- Re: ActiveDirectory schema
  - From: Mark Wahl <M.Wahl@INNOSOFT.COM>

Prev by Date: Re: ActiveDirectory schema
Next by Date: RE: ActiveDirectory schema
Index(es):
- Chronological
- Thread