[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: namedref-00: manageDsaIt question

To: d.w.chadwick@salford.ac.uk
Subject: Re: namedref-00: manageDsaIt question
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>
Date: Thu, 05 Aug 1999 14:20:48 -0700
Cc: ietf-ldapext@netscape.com
In-reply-to: <37A78FE9.7AB10D28@OpenLDAP.Org>
References: <E11BnOx-0006W3-00@neodymium.btinternet.com>
Resent-date: Thu, 05 Aug 1999 14:22:12 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"xTZ5fB.A.6KE.9Bgq3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Belay my last response.  I've provide another example:

Server A masters "o=abc,c=us"
Server B masters "ou=hq,o=abc,c=us"

server M holds replicates of
	"o=abc,c=us"
	"ou=hq,o=abc,c=us"

As such, the are separate naming contexts as they are mastered
by different servers.

X holds a replica of "o=abc,c=us" naming context.
Y holds a replica of "ou=hq,o=hq,c=us" naming context.
Z holds a replica of both "o=abc,c=us" and "ou=hq,o=hq,c=us" naming
contexts.

X, Y and Z refer requests to which they do not hold to M.

In name context "o=abc,c=us", the following named reference exists:
	dn: ou=hq,o=abc,c=us
	ou: hq
	ref: ldap://Y/ou=hq,o=abc,c=us
	ref: ldap://Z/ou=hq,o=abc,c=us
	objectclass: referral
	objectclass: extensibleObject

and the entries "o=abc,c=us" and "ou=hq,o=abc,c=us" both exist in their respective naming contexts.

A. If a client does a ManageDsaIT enabled base search for
"ou=hq,o=abc,c=us" against server X, X should respond with
the referral object in the "o=abc,c=us" context.

B. If a client does a ManageDsaIT enabled base search for
"ou=hq,o=abc,c=us" against server Y, Y could respond with either:
	1. the actual "ou=hq,o=abc,c=us" entry or
	2. a referral the superior server Z.

C. If a client does a ManageDSAIT enabled base search for
"ou=hq,o=abc,c=us" against server Z, Z could respond with either
	1. the actual "ou=hq,o=abc,c=us" entry or
	2. the referral object "ou=hq,o=abc,c=us" held in "o=abc,c=us" context.

D. If a client does a ManageDSAIT enabled base search for
"ou=hq,o=abc,c=us" against server M, M could respond with either
	1. the actual "ou=hq,o=abc,c=us" entry or
	2. the referral object "ou=hq,o=abc,c=us" held in "o=abc,c=us" context.

Cases C and D, to me, are the interesting cases.  If the servers
Z and M return the actual entry than the ManageDsaIT won't let the
client manage (compare,search) the referral object held in the superior
naming context.  If you allow Z and M to return the referral object,
than it makes sense to me that option 2 should result in case B.

Kurt

References:
- Re: namedref-00: manageDsaIt question
  - From: David Chadwick <d.w.chadwick@iti.salford.ac.uk>
- Re: namedref-00: manageDsaIt question
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>

Prev by Date: Re: Returning single values from multivalued attributes
Next by Date: Re: Returning single values from multivalued attributes
Index(es):
- Chronological
- Thread