[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fwd: controlling visability of subentries

To: <Kurt@OpenLDAP.org>
Subject: Re: Fwd: controlling visability of subentries
From: "Ed Reed" <eer@OnCallDBA.COM>
Date: Wed, 18 Oct 2000 21:24:49 -0600
Cc: <ietf-ldup@imc.org>, <ietf-ldapext@netscape.com>
Content-disposition: inline

Okay, Kurt - I've reviewed what X.511 specifies for the service control
used to control subentry visibility.  What is your opinion on what we should
do in LDAP?

1) create a control which has no parameters, but has the effect that when
it is present, it is interpreted identically to an X.511 service control with the
subentries bit set TRUE; or

2) create a control which has a parameter identical to the service control
specified by X.511.  This would have the effect of providing a lot of the
additional controls needed to add distributed operations to LDAP (including
preferChaining, chainingProhibited, etc.), but would also provide things
like timeLimit, sizeLimit, scopeOfReferral, and attributeSizeLimit, etc.
In X.511, the serviceControls are among the CommonArguments included
with each request.

I suppose we could consider the list of controls in LDAP providing the
equivalent to the set of CommonArguments.  

What's your take?  1 would be easier to document.  2 would lay
important groundwork that should be considered in the context of future
work to add distributed operations to LDAP.

Ed

=================
Ed Reed
Reed-Matthews, Inc.
+1 801 796 7065
http://www.Reed-Matthews.COM

>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 08/01/00 07:41AM >>>
Forwarded to LDUP list
>Date: Mon, 31 Jul 2000 16:23:57 -0400
>To: ietf-ldapext@OpenLDAP.org 
>From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
>Subject: controlling visability of subentries
>
>One other issue I would like to raise in regards to LDAP subentry
>is the mechanism proposed to control their visibility.  I believe
>the approach of overloading the search filter to control visibility
>is not the best approach.  As we've found previously, the semantics
>of such overloads are difficult to define (and hence implement) when
>the filter is complex (which we must assume it will be).
>
>I believe that LDAPsubentry visibility should be control by a mechanism
>more closely modeled after the X.500 subentry visibility mechanism.
>In particular, I suggest use of a control.  The use of a control
>will allow a clear and concise specification of visibility semantics
>which facilitates implementation and use. 
>
>Comments?
>
>        Kurt

Follow-Ups:
- Re: Fwd: controlling visability of subentries
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Java LDAP API - LDAPControl class
Next by Date: $2,000,000 in YOUR Mailbox$$$
Index(es):
- Chronological
- Thread