delete permission

["David Chadwick" <d.w.chadwick@salford.ac.uk>]

> 
> >iii) delete this entry permission. What happens if the entry has
> >subordinates. Are permissions needed for the subordinates or not. The
> >text is mute on this point, although it does mention that no
> >permissions are needed on attributes in the entry.
> 
> (EJS)  The intent here was to provide the same semantic as X.500.
> However, I think we may have missed the point you mention about
> subordinates.  It seems to me that if you the entry you're deleting is
> a leaf entry, then no problem.  If there are subordinates, then you
> can't just delete an entry in the middle of the DIT, but also need
> permisison to delete each subordinate.  What does X.500 do?

X.500 does not have this problem as only leaf entries can be 
removed. LDAPv3 basic only allows leaf entries to be deleted, but 
there was talk of having an operation to delete full subtrees. I dont 
know the status of this, do you?

David

***************************************************

David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351  Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page  http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J

***************************************************