[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Returning single values from multivalued attributes
Date sent: Thu, 05 Aug 1999 17:12:38 -0400
From: Sean Mullan <sean.mullan@sun.com>
Organization: Sun Microsystems
To: d.w.chadwick@salford.ac.uk
Copies to: ietf-ldapext@netscape.com
Subject: Re: Returning single values from multivalued attributes
> Hi David,
>
> I'd like to work on an LDAP draft with you as I believe this is very
> important. (Actually, I was planning to write a draft but I was a
> bit discouraged by the lack of response to my message on 7/30). Please let
> me know how you want to coordinate this.
Great, if you want to write the first version and send it to me, as I am
going on holiday next week for some time so I wont be able to
publish the draft myself until September.
>
> I think that 2 drafts are probably needed, one describing a control for
> the matchedValuesOnly feature and another for describing the X.509
> certificate and CRL matching rules as new LDAP matching rules.
I have already made a start on this in the soon to be released
update of LDAPv3 profile for PKIX. Mark Wahl has said he will wrap
the new matching rules into the revision of RFC 2252 when he
updates it.
So we probably dont need the second draft.
David
>
> Thanks,
> --Sean
>
> David Chadwick wrote:
> >
> > This topic has been briefly discussed on this list before (30 July), but
> > no conclusions were reached. Briefly the situation is that X.500 DAP
> > allows a user to search an entry and only request that matched values
> > are returned from a multi-valued attribute rather than all attributes.
> > LDAP only allows all or no values to be returned.
> >
> > There has also been a request in the PKIX group that LDAP should
> > allow a single user certificate to be returned (the one that matches the
> > users filter), rather than all the users certificates.
> >
> > I believe that once clients start to retreive schema definitions they
> > will also want matched values only to be returned.
> >
> > There are a couple of approaches this group can take
> >
> > i) say that this is not a significant problem and ignore it. Let the
> > client sort out the value it wants
> >
> > ii) say that it is a significant problem and try to fix it via a new
> > matchedValuesOnly control ID. (I can volunteer to write the ID if people
> > are interested in it)
> >
> > What do people think about this?�> > �
> > David
> >
> > ***************************************************
> >
> > David Chadwick
> > IS Institute, University of Salford, Salford M5 4WT
> > Tel +44 161 295 5351 Fax +44 161 745 8169
> > Mobile +44 790 167 0359
> > *NEW* Email D.W.Chadwick@salford.ac.uk *NEW*
> > Home Page http://www.salford.ac.uk/its024/chadwick.htm
> > Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
> > X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
> > Entrust key validation string MLJ9-DU5T-HV8J
> >
> > ***************************************************
>
> --
> Sean Mullan Email: sean.mullan@sun.com
> Sun Microsystems Laboratories Tel: (781) 442-0926
> One Network Drive Fax: (781) 442-1692
> Burlington, MA 01803-0902
>
***************************************************
David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
Mobile +44 790 167 0359
*NEW* Email D.W.Chadwick@salford.ac.uk *NEW*
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J
***************************************************