
Re: Unique identifiers for LDAP attributes



Date sent:      	Thu, 13 Jul 2000 08:00:58 -0700
To:             	d.w.chadwick@salford.ac.uk
From:           	"Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject:        	Re: Unique identifiers for LDAP attributes
Copies to:      	ietf-ldapext@netscape.com

> At 03:02 PM 7/13/00 +0100, David Chadwick wrote:
> >However, we have the situation that some LDAP servers do not 
> >require OIDs to be defined for attribute types,
> 
> Which implies they cannot properly publish schema...

Correct

There is another interesting problem that you may be interested in 
related to the non-use of OIDs. The matching rule used to select a 
subschema definition is, wait for it....

 objectIdentifierFirstComponentMatch

Thus the client needs to know the OID of the schema definition it 
needs to selectively fetch it. But if LDAP never passes an OID to 
the client, how does the client know which subschema definition it 
needs? In order to solve this, it means we really need a 
"nonUniqueStringSecondComponentMatch" matching rule to be 
defined for LDAP.

> Which implies they must be read-only servers...

Why? Sorry, I don't follow this one. LDAP updates don't need to use 
OIDs.

--snip--
> 
> I would support stating that servers MUST use a non-ambiguous
> identifier.  That is, they must either ensure that NAME of given
> schema elements are non-ambiguous (with a subschema subentry)
> or use OIDs.
> 

Sort of agree, however making NAME only unambiguous within a 
subschema subentry solves the problem for one administration, but 
not for interworking between domains. Thus NAME needs to be 
globally unambiguous - which brings us full circle around to the 
problem that the Internet 2 guys are trying to solve. To my mind, 
OID is the only sensible way forward.

David

> 


***************************************************

David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351  Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page  http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J

***************************************************
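
An added illustration of the two points in the message above (not part of the original post or of any LDAP server's code): selecting a subschema value by objectIdentifierFirstComponentMatch requires the numeric OID, and a NAME that is unique in one subschema can collide across domains. The sample schema values, the private-enterprise OIDs, and the helper names are constructed, and the rule is modelled as the message describes it, with the assertion being a numeric OID.

```python
import re

# Constructed sample values of a subschema 'attributeTypes' attribute
# (RFC 2252 AttributeTypeDescription syntax); not taken from the thread.
SUBSCHEMA_A = [
    "( 2.5.4.3 NAME 'cn' SUP name )",
    "( 1.3.6.1.4.1.99999.1.1 NAME 'badgeId' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
]
SUBSCHEMA_B = [
    "( 1.3.6.1.4.1.88888.7.4 NAME 'badgeId' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
]

NUMERIC_OID = re.compile(r"\d+(\.\d+)+")

def first_component(value):
    """Return the first component (the OID) of a schema description."""
    return value.strip().lstrip("(").split()[0]

def names(value):
    """Return the NAME descriptors of a schema description, lower-cased."""
    m = re.search(r"NAME\s+(\(\s*[^)]*\)|'[^']*')", value)
    return [n.lower() for n in re.findall(r"'([^']*)'", m.group(1))] if m else []

def oid_first_component_match(values, assertion):
    """Compare a numeric-OID assertion with the first component only."""
    if not NUMERIC_OID.fullmatch(assertion):
        return []  # assumption: a client holding only a name cannot assert
    return [v for v in values if first_component(v) == assertion]

def name_match(values, name):
    """Hypothetical name-based selection, the kind of rule the message asks for."""
    return [v for v in values if name.lower() in names(v)]

def ambiguous_names(*subschemas):
    """Map each NAME that resolves to more than one OID across subschemas."""
    seen = {}
    for values in subschemas:
        for v in values:
            for n in names(v):
                seen.setdefault(n, set()).add(first_component(v))
    return {n: sorted(oids) for n, oids in seen.items() if len(oids) > 1}

if __name__ == "__main__":
    print(oid_first_component_match(SUBSCHEMA_A, "2.5.4.3"))
    print(oid_first_component_match(SUBSCHEMA_A, "cn"))
    print(name_match(SUBSCHEMA_A, "cn"))
    print(ambiguous_names(SUBSCHEMA_A, SUBSCHEMA_B))
```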