[Date Prev][Date Next] [Chronological] [Thread] [Top]
[no subject]

To: Sean Mullan <sean.mullan@Sun.COM>
From: mcs@netscape.com (Mark C Smith)
Organization: Netscape Communications
Copies to:      	ietf-ldapext@netscape.com
Subject:        	Re: Returning matched values only from a search operation
Forwarded by:   	ietf-ldapext@netscape.com

> Sean Mullan wrote:
> > 
> > The search operation defined by X.511 contains a BOOLEAN
> > matchedValuesOnly argument, which if true returns only the values
> > in a multi-valued attribute which match the specified filter
> > (as opposed to all the values).
> > 
> > This seems like a very useful feature, but does not appear to
> > be enabled by the LDAP search operation. Has there been an
> > LDAP control to add this functionality?
> > 
> > For example, the matchedValuesOnly control could be combined with
> > an extensible certificate matching rule to only return the matching
> > certificates from an entry's multi-valued userCertificate attribute.
> 
> I don't remember all of the discussion, but I think this was left out of
> LDAPv3 in order to simplify the protocol.  In my experience, this bell (or
> is it a whistle?) is not desperately needed by LDAP applications because
> most applications are content with retrieving all of the values and
> examining the values themselves.  That isn't really much more work for the
> application or inefficient as long as (1) the application knows how to
> compare the values and (2) there are not dozens or hundreds of values.

Once LDAP servers start to implement the whole of LDAPv3 as 
currently specified, in particular, by storing subschema definitions 
in the subschema subentry, then you will realise the benefit of the 
matched values only flag. A server might typically store 50 or more 
different attribute type definitions, most of which are defined in 
RFCs or ISO standards. A few will be locally defined. Those clients 
that wish to fetch the local definitions will be burdened with retreiving 
all 50 or more definitions, the vast majority of which they are already 
familiar with. THis is clearly inefficient, and was the main reason for 
X.500 adding the flag in the first place. Individual schema definitions 
can be downloaded by using it. (there is an explanation of this in my 
book)

David

> 
> -- 
> Mark Smith
> iPlanet Directory Architect / Sun-Netscape Alliance
> My words are my own, not my employer's.   Got LDAP?
> 
> 


***************************************************

David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351  Fax +44 161 745 8169
Mobile +44 790 167 0359
*NEW* Email D.W.Chadwick@salford.ac.uk *NEW*
Home Page  http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J

***************************************************
Prev by Date: [no subject]
Index(es):
- Chronological
- Thread