Re: [ldap] Re: Version of Netscape Directory Service portocol

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 10:47 AM 5/18/00 -0500, Mark Wahl wrote:
>You don't see operational attributes by default when searching entry DSEs.

Why?  I think RFC 2251 is pretty clear.
	"servers will not return operational attributes, such as
	objectClasses or attributeTypes, unless they are listed by name

The language implies a MUST.

I've searched X.500(93) informational and service documents and
could not find any piece of information that in conflict with
RFC 2251.  (An even it such existed, the RFC 2251 above (IMO)
would take precedence). 

> The same applies to the subschema DSE, which is not an entry.

>From my reading of X.511(97rev0) [sorry, I don't have a copy
of 93 version], a subschema DSE appears to behave just like
a entry DSE in regards to operational attributes.

I think the answer lies in the Directory service abstract
model.  Regardless of what sort of DSE an object is in the
DSA should not be exposed via client access protocol.  To
the client, all DSEs interacted with should behave like
entries.

Given RFC 2251 says subschema is an "entry (or subentry)",
this is especially important.  We cannot have subschema
entry returned behaving differently depending where it's
a entry or subentry DSE.

	Kurt