Re: namedref-00: manageDsaIt question

["Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>]

Here is another example:

Server A masters "o=abc,c=us"
Server B masters "ou=hq,o=abc,c=us"

As such, the are separate naming contexts as they are mastered
by different servers.

Server A and B cross replica.  In addition server C replicates
just "o=abc,c=us" and a server D replicates just "ou=hq,o=abc,c=us"
(servers C and D demonstrate that the DITs and DSAs are separately
administrated but otherwise not used in this example).  All naming
contexts use single-master replication policies.

In name context "o=abc,c=us", the following named reference exists:
	dn: ou=hq,o=abc,c=us
	ou: hq
	ref: ldap://A/ou=hq,o=abc,c=us
	ref: ldap://B/ou=hq,o=abc,c=us
	ref: ldap://D/ou=hq,o=abc,c=us
	objectclass: referral
	objectclass: extensibleObject

and the entries "o=abc,c=us" and "ou=hq,o=abc,c=us" both exist in their respective naming contexts.

A. If a client does a ManageDSAIT enabled base search for
"ou=hq,o=abc,c=us" against server A, A could respond with either
	1. the actual "ou=hq,o=abc,c=us" entry or
	2. the referral object "ou=hq,o=abc,c=us" held in "o=abc,c=us" context.

B. If a client does a ManageDSAIT enabled base search for
"ou=hq,o=abc,c=us" against server B, B could respond with either
	1. the actual "ou=hq,o=abc,c=us" entry or
	2. the referral object "ou=hq,o=abc,c=us" held in "o=abc,c=us" context.

Per my reading of the namedref draft, case 1 would have to be
returned in both case A and case B.  However, this disallows
modification the referral object held in the "o=abc,c=us" naming
context. 

Kurt