Re: Revised Matched Values Draft

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 06:01 PM 7/11/00 -0700, Bruce Greenblatt wrote:
>I'll voice the same reservations this time that I voiced last time.
>
>Use of this control solves a problem that normally exists due to poor schema and DIT design.

X.500 is designed to support multiple valued attributes.  In numerous
cases it makes good sense for a given attribute to have many
(hundreds, thousands, more?).  X.500 recognized this and, to aid
in clients accessing such attributes, provide a mechanism to
returned only the desired values.  LDAPv3 is missing this
functionality.  This control extends LDAP to provide functionality
already available to X.500 users (via DAP).   Without this
control, clients have to implement the appropriate matching rules
and apply it to all returned values to locate the desired values.

The control will solve operational issues which exist today due to
design of our current schema (X.5xx/RFC2252/RFC2256).

I believe this control will be useful for both user and management
applications.  When used appropriately, it will reduce the burden
upon the client and the network.  The overhead of server computation
is likely in the noise (the control may actually reduce server
side computation associated with some requests).  

In the user application space, this control may be used obtain the specification for a particular attribute type.  The subentry (or
entry) which controls the entry attributeTypes attribute may have
hundreds of values as the entry may be allowed to have hundreds
of attribute types.  This reduces the burden of client (and
the network).

In the management application space, this control will also be
quite useful for managing (X.500) ACIs and groups (especially
when used with ACIs... as you cannot nest access groups).

        Kurt