RE: LDAP extensions for subtrees.

[Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>]

The issue of subtree level operations that involve more than one object
(either user or admina area management objects ) is that they do require
some formal (or implied) locking "concept/mechanism".
Specifically multi path deletes that may embrace many servers
(subordinates) and any issues that deal with server/DIT boundaries will
be quite complex to deal with. eg. See DOP re adds on DSA boundaries and
propagation of replication agreements, DSA knowledge, access contol
info, schema definitions, contexts and collective attributes, etc 


X.500/LDAP is atomic at the entry object level only - thats why its
object based. Any thing more complex over many servers requires a CCR
type capability.
If you can get a hold of Commitment, Concurrency and Recovery ISO 9804
and 9805 and also read the DOP bits in X.518 - this may help as input to
the debate.

This transaction consistency across distributed directory services will
be a challenge :-)

regards alan

> -----Original Message-----
> From:	Bruce Greenblatt 
> Sent:	Monday, June 21, 1999 11:31 AM
> To:	rweltman@netscape.com; ietf-ldapext@netscape.com
> Subject:	Re: LDAP extensions for subtrees.
> 
> At 09:50 AM 6/20/99 -0700, Rob Weltman wrote:
> >  Bruce,   There is some need for subtree operations besides moddn,
> at
> >least subtree deletion, but the draft proposal doesn't handle
> >transactionality, locking, and distribution (referrals) - which I
> believe
> >are the hardest things related to subtree operations. Rob 
> 
> Yes, but these operations are all atomic, which bypasses the need for
> transactional capabilities at the LDAP level...
> 
> Bruce