
Re: Returning single values from multivalued attributes



David Chadwick wrote:
> 
> This topic has been briefly discussed on this list before (30 July),
> but no conclusions were reached. Briefly the situation is that X.500
> DAP allows a user to search an entry and only request that matched
> values are returned from a multi-valued attribute rather than all
> attributes. LDAP only allows all or no values to be returned.
> 
> There has also been a request in the PKIX group that LDAP should
> allow a single user certificate to be returned (the one that matches
> the user's filter), rather than all the user's certificates.

Is it a valid assumption that most entries will contain only a few
certificates?  If so, the value of returning only the one that is
matched is reduced.  Of course certificates are typically fairly large,
so reducing the amount of data sent might be useful.  My guess is that
reducing the number of network round trips is more important than
reducing the data itself -- and a matchedValuesOnly control won't
help there.
 

> ...
> I believe that once clients start to retrieve schema definitions they
> will also want matched values only to be returned.

Some clients do this now.  I suspect many of them download all of the
schema in a subschemasubentry the first time they need to make use of
any of it and then cache it... which makes future use fast but involves
fetching many (potentially) unneeded values during the initial subschema
search.  Personally, I think it would be better to represent each schema
element as a separate entry, but a matchedValuesOnly control would help
here.  Apparently Microsoft's Active Directory does represent each
schema element as its own entry (they also support the standard "all
schema elements in one subentry" approach).


> 
> There are a couple of approaches this group can take
> 
> i) say that this is not a significant problem and ignore it. Let the
> client sort out the value it wants
> 
> ii) say that it is a significant problem and try to fix it via a new
> matchedValuesOnly control ID. (I can volunteer to write the ID if
> people are interested in it)
> 
> What do people think about this?

I lean towards (i) but I'd like to have more discussion about this --
both about how people envision using this feature and how the existing
feature works in X.500 DAP.  Can you explain exactly how the
matchedValuesOnly argument works in DAP?  I find the text in X.511 to be
quite confusing.  Some basic questions I have:

a) Does matchedValuesOnly affect single-valued attributes or just
multivalued ones?

b) Can matchedValuesOnly be used with equality filters?

-- 
Mark Smith
iPlanet Directory Architect / Sun-Netscape Alliance
My words are my own, not my employer's.   Got LDAP?