Re: Returning single values from multivalued attributes
Mark C Smith wrote:
>
> David Chadwick wrote:
> >
> > Mark Smith wrote
> >
> > > I lean towards (i) but I'd like to have more discussion about this -- both
> > > about how people envision using this feature and how the existing feature
> > > works in X.500 DAP. Can you explain exactly how the matchedValuesOnly
> > > argument works in DAP? I find the text in X.511 to be quite confusing.
> > > Some basic questions I have:
> > >
> > > a) Does matchedValuesOnly affect single-valued attributes or just
> > > multivalued ones?
> >
> > Its effect on a single valued attribute is null.
>
> I find it surprising and confusing that the behavior is different when
> an attribute has multiple values vs. when it only has one.
I didn't follow the complete discussion, but what is surprising?
When I have a single valued attribute I don't need a matchedValuesOnly
because if it matches you get it back and need no additional flag.
> Just so I
> understand how this works, here's an example. Suppose entry E1 has one
> userCertificate value and entry E2 has two such values. Further suppose
> that a client wants to always retrieve the cn attribute from an entry
> but wants to receive a userCertificate value only if the cert value
> presented in a filter matches one of the certs present in the entry.
> For E1, this will require two search operations (base search to grab the
> cn and another to test for the cert) but for E2 it can be done in one
> (base search with a filter like
> "(|(cn=*)(userCertificate;binary=<DER>))" with matchedValuesOnly set to
> TRUE). Correct?
Not correct. If you make this search and the userCertificate matches that
in E1, you get the entry and userCertificate back, I hope.
But is this the normal search to find somebody in the directory where
the client already knows the complete userCertificate? I think you have
some parts of the userCertificate and use the special matching rules to
find the complete userCertificates.
> Or by "single valued attribute" do you mean an
> attribute type that allows multiple values? Technically, the filter I
> present above won't work because presence and equality filters don't
> work with matchedValuesOnly (see below).
I see no reason at the moment why the matchedValuesOnly cannot be used
with equality filters? David, is there a reason?
>
> >
> > >
> > > b) Can matchedValuesOnly be used with equality filters?
> >
> > No, but the easy work around to this is to put the equality filter in the
> > extended filter element of the search.
>
> I'd like to see us fix this problem when we define a matched values only
> control for LDAPv3.
I agree with you.
> Presence filters are not allowed either.
How do you want to use matchedValuesOnly with the presence filter?
> This
> seems like an unnecessary limitation to me.
>
> --
> Mark Smith
> iPlanet Directory Architect / Sun-Netscape Alliance
> My words are my own, not my employer's. Got LDAP?
--
Helmut Volpers
Directory Server Architect
Otto-Hahn-Ring 6, 81730 Munich, Germany
Work: +49-89-63646713
Home: +49-89-1576588
Fax: +49-89-63645860
Helmut.Volpers@icn.siemens.de
http://www.siemens.com/bus-com/