Subentries: Need for a control to access?

[Ed Reed <ED_REED@novell.com>]

In section 3.1 of the draft (http://www.ietf.org/internet-drafts/draft-ietf-ldup-subentry-00.txt) it says 

"NOTE:  No special treatment of LDAP Subentries by applications is
required, but it might be worth considering creating an LDAPv3 control
to indicate when LDAP Subentries are desired to be returned (subject
to access controls and search filters, of course) for LDAP search
operations."

After discussions with others on the list, I think there is no need for
a separate control, after all.

If entries derived from the lDAPsubEntry class are NOT returned to
search operations UNLESS SPECIFICALLY ASKED FOR by
including a matching criteria "objectclass=LDAPsubentry" in the
search match specification, then that critera accomplishes the same
goal that a control would...to explicitly include such entries in the
scope of operations requested.

So, I'm proposing that the NOTE be changed to read...

"NOTE:  No special treatment of LDAP Subentries by applications
or directory services is required.  However, servers which DO provide
special handling MUST do so in the following way:  

a) search operations which include a matching criteria 
"objectclass=lDAPsubEntry" MUST include entries derived from 
the lDAPsubEntry class in the scope of their operations;  

b) search operations which do not include a matching
criteria "objectclass=lDAPsubEntry" MUST IGNORE entries
derived from the lDAPsubEntry class, and exclude them from the scope
of their operations."

Thus, a special control no longer seems necessary.  Agreed?

=================
Ed Reed, Technologist
Novell Product Management
+1 801 222 3944 (new number!)

BEGIN:VCARD
VERSION:2.1
X-GWTYPE:USER
FN:Ed Reed
TEL;WORK:801-222-3944
ORG:;Product Management
TEL;PREF;FAX:TBD
EMAIL;WORK;PREF;NGW:ED REED@novell.com
N:Reed;Ed
TITLE:Technologist
ADR;DOM;WORK;PARCEL;POSTAL:;ORM-A-211
LABEL;DOM;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Ed Reed=0A=
ORM-A-211
X-GWUSERID:ED REED
END:VCARD