RE: LDAP subentry, discussion on CN {MUST or MAY}

[David Chadwick <d.w.chadwick@salford.ac.uk>]

 > 
> > LDAPsubentry is quite dissimiliar in definition to the X.500
> > subentry. It doesn't allow have a subtree specifier.  Hence, the new
> > OID.
> 

In fact LDAP implies the default value for subtreeSpecification 
(which is simply an empty sequence). THe meaning of this is the 
entire naming context. So LDAP subentries are the most degenerate 
case of X.500 subentries. Because of this you are able to go one 
step further in simplification - rather than having a 
subtreeSpecification attribute with a value which is always an empty 
sequence you have decided to simply omit the attribute altogether 
(which is sensible). But what happens if in the future if you decide 
that you would like to manage a section of a naming context, rather 
than the whole of it. Well then you can re-invent 
subtreeSpecifications!!

David


> independant of the OID, what is the problem to define the LDAPsubentry
> with the same semantics as an X.500 subentry ? In our Implementation I
> can retrieve the X.500 subentries easily over LDAP, if a ldapclient
> search for OCL=LDAPSubentry it is handled by the server the same way
> as it is handled if the X.500 ServiceControl SUBENTRIES=TRUE. So I can
> search for the X.500 subentries over LDAP. > 
> 
> 


***************************************************

David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351  Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page  http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J

***************************************************