[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Fwd: controlling visability of subentries

To: "'Ed Reed'" <eer@OnCallDBA.COM>, Kurt@OpenLDAP.org
Subject: RE: Fwd: controlling visability of subentries
From: "Volpers, Helmut" <helmut.volpers@icn.siemens.de>
Date: Thu, 19 Oct 2000 10:02:32 +0200
Cc: ietf-ldup@imc.org, ietf-ldapext@netscape.com

Hi Ed,

I personally think that solution 2 is the best one, specially for 
the future.
If you take solution 1 it will also work, but at least you will create
a control for every additional service control you will support.
I think to work with a control is a clean solution but the number
of controls increase rapitly and different servers have a lot of
different controls they support.
I think there is the requirement that the protocol has to be compatible
and only some administrative clients will use this feature and a simple
LDAP Client should not been broken.
We handle subentries over LDAP for all update operations like normal entries
and for the search in a special way, so if the filter contains
ObjectClass=SUBENTRY
the search operation is only for subentries and all other search operations
exclude subentries. Is this a problem ?

> -----Original Message-----
> From: Ed Reed [mailto:eer@OnCallDBA.COM]
> Sent: Thursday, October 19, 2000 5:25 AM
> To: Kurt@OpenLDAP.org
> Cc: ietf-ldup@imc.org; ietf-ldapext@netscape.com
> Subject: Re: Fwd: controlling visability of subentries
> 
> 
> Okay, Kurt - I've reviewed what X.511 specifies for the 
> service control
> used to control subentry visibility.  What is your opinion on 
> what we should
> do in LDAP?
> 
> 1) create a control which has no parameters, but has the 
> effect that when
> it is present, it is interpreted identically to an X.511 
> service control with the
> subentries bit set TRUE; or
> 
> 2) create a control which has a parameter identical to the 
> service control
> specified by X.511.  This would have the effect of providing 
> a lot of the
> additional controls needed to add distributed operations to 
> LDAP (including
> preferChaining, chainingProhibited, etc.), but would also 
> provide things
> like timeLimit, sizeLimit, scopeOfReferral, and 
> attributeSizeLimit, etc.
> In X.511, the serviceControls are among the CommonArguments included
> with each request.
> 
> I suppose we could consider the list of controls in LDAP providing the
> equivalent to the set of CommonArguments.  
> 
> What's your take?  1 would be easier to document.  2 would lay
> important groundwork that should be considered in the context 
> of future
> work to add distributed operations to LDAP.
> 
> Ed
> 
> =================
> Ed Reed
> Reed-Matthews, Inc.
> +1 801 796 7065
> http://www.Reed-Matthews.COM
> 
> >>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 08/01/00 07:41AM >>>
> Forwarded to LDUP list
> >Date: Mon, 31 Jul 2000 16:23:57 -0400
> >To: ietf-ldapext@OpenLDAP.org 
> >From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
> >Subject: controlling visability of subentries
> >
> >One other issue I would like to raise in regards to LDAP subentry
> >is the mechanism proposed to control their visibility.  I believe
> >the approach of overloading the search filter to control visibility
> >is not the best approach.  As we've found previously, the semantics
> >of such overloads are difficult to define (and hence implement) when
> >the filter is complex (which we must assume it will be).
> >
> >I believe that LDAPsubentry visibility should be control by 
> a mechanism
> >more closely modeled after the X.500 subentry visibility mechanism.
> >In particular, I suggest use of a control.  The use of a control
> >will allow a clear and concise specification of visibility semantics
> >which facilitates implementation and use. 
> >
> >Comments?
> >
> >        Kurt
> 
>

Follow-Ups:
- Re: Fwd: controlling visability of subentries
  - From: Mark Smith <mcs@netscape.com>

Prev by Date: The time to switch from cable to satellite is now!
Next by Date: Stock Pick of the Week
Index(es):
- Chronological
- Thread