Re: namedref-00: manageDsaIt question

["Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>]

Maybe I should give a another example.

server M masters two naming contexts
	"o=abc,c=us"
	"ou=hq,o=abc,c=us"

and replicates just "o=abc,c=us" to X and just "ou=hq,o=abc,c-us" to Y
and both to Z.  X, Y and Z refer requests to which they do not hold to M.

In name context "o=abc,c=us", the following named reference exists:
	dn: ou=hq,o=abc,c=us
	ou: hq
	ref: ldap://Y/ou=hq,o=abc,c=us
	ref: ldap://Z/ou=hq,o=abc,c=us
	objectclass: referral
	objectclass: extensibleObject

and the entries "o=abc,c=us" and "ou=hq,o=abc,c=us" both exist in their respective
naming contexts.

A. If a client does a ManageDsaIT enabled base search for "ou=hq,o=abc,c=us" against
server X, X should respond with the referral object in the "o=abc,c=us" context.

B. If a client does a ManageDsaIT enabled base search for "ou=hq,o=abc,c=us" against
server Y, Y could respond with either:
	1. the actual "ou=hq,o=abc,c=us" entry or
	2. a referral the superior server Z.

C. If a client does a ManageDSAIT enabled base search for "ou=hq,o=abc,c=us" against
server Z, Z could respond with either
	1. the actual "ou=hq,o=abc,c=us" entry or
	2. the referral object "ou=hq,o=abc,c=us" held in "o=abc,c=us" context.

D. If a client does a ManageDSAIT enabled base search for "ou=hq,o=abc,c=us" against
server M, M could respond with either
	1. the actual "ou=hq,o=abc,c=us" entry or
	2. the referral object "ou=hq,o=abc,c=us" held in "o=abc,c=us" context.

Cases C and D, to me, are the interesting cases.  If the servers Z and M return the
actual entry than the ManageDsaIT won't let the client manage the referral object held
in the superior naming context.  If you allow Z and M to return the referral object,
than it makes sense to me that option 2 should result in case B.

Kurt