[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fwd: controlling visability of subentries

To: "Volpers Helmut" <helmut.volpers@icn.siemens.de>
Subject: Re: Fwd: controlling visability of subentries
From: Mark Smith <mcs@netscape.com>
Date: Thu, 19 Oct 2000 09:06:57 -0400
Cc: "'Ed Reed'" <eer@OnCallDBA.COM>, Kurt@OpenLDAP.org, ietf-ldup@imc.org, ietf-ldapext@netscape.com
Organization: iPlanet E-Commerce Solutions
References: <E1EB691EEC98D311A7CC0050DA3D8357689188@pappel.mch.sni.de>

The problem I see with solution 2 (create a control that mimics the X511
ServiceControls) is that there would be no way for an LDAP client to
discover the subset of ServiceControls that is supported on a given LDAP
server.  Surely we are not going to require support for everything in
ServiceControls just to solve the subentry problem.  Therefore, I prefer
solution 1.

And so everyone knows what we are talking about, from X.511:

   A ServiceControls parameter contains the controls,
   if any, that are to direct or constrain the provision
   of the service. 

   ServiceControls ::= SET {
     options [0] BIT STRING {
     preferChaining (0),
     chainingProhibited (1),
     localScope (2),
     dontUseCopy (3),
     dontDereferenceAliases (4),
     subentries (5),
     copyShallDo (6), } DEFAULT {},
     partialNameResolution (7),
     manageDSAIT (8) } } DEFAULT {},
     priority [1] INTEGER
          { low (0), medium (1), high (2) } DEFAULT medium,
     timeLimit [2] INTEGER OPTIONAL,
     sizeLimit [3] INTEGER OPTIONAL,
     scopeOfReferral [4] INTEGER { dmd(0), country(1) } OPTIONAL,
     attributeSizeLimit [5] INTEGER OPTIONAL
     manageDSAITPlaneRef [6] SEQUENCE {
     dsaName Name,
     agreementID AgreementID } OPTIONAL }

-- 
Mark Smith
Netscape Communications Corp.



"Volpers, Helmut" wrote:
> 
> Hi Ed,
> 
> I personally think that solution 2 is the best one, specially for
> the future.
> If you take solution 1 it will also work, but at least you will create
> a control for every additional service control you will support.
> I think to work with a control is a clean solution but the number
> of controls increase rapitly and different servers have a lot of
> different controls they support.
> I think there is the requirement that the protocol has to be compatible
> and only some administrative clients will use this feature and a simple
> LDAP Client should not been broken.
> We handle subentries over LDAP for all update operations like normal entries
> and for the search in a special way, so if the filter contains
> ObjectClass=SUBENTRY
> the search operation is only for subentries and all other search operations
> exclude subentries. Is this a problem ?
> 
> > -----Original Message-----
> > From: Ed Reed [mailto:eer@OnCallDBA.COM]
> > Sent: Thursday, October 19, 2000 5:25 AM
> > To: Kurt@OpenLDAP.org
> > Cc: ietf-ldup@imc.org; ietf-ldapext@netscape.com
> > Subject: Re: Fwd: controlling visability of subentries
> >
> >
> > Okay, Kurt - I've reviewed what X.511 specifies for the
> > service control
> > used to control subentry visibility.  What is your opinion on
> > what we should
> > do in LDAP?
> >
> > 1) create a control which has no parameters, but has the
> > effect that when
> > it is present, it is interpreted identically to an X.511
> > service control with the
> > subentries bit set TRUE; or
> >
> > 2) create a control which has a parameter identical to the
> > service control
> > specified by X.511.  This would have the effect of providing
> > a lot of the
> > additional controls needed to add distributed operations to
> > LDAP (including
> > preferChaining, chainingProhibited, etc.), but would also
> > provide things
> > like timeLimit, sizeLimit, scopeOfReferral, and
> > attributeSizeLimit, etc.
> > In X.511, the serviceControls are among the CommonArguments included
> > with each request.
> >
> > I suppose we could consider the list of controls in LDAP providing the
> > equivalent to the set of CommonArguments.
> >
> > What's your take?  1 would be easier to document.  2 would lay
> > important groundwork that should be considered in the context
> > of future
> > work to add distributed operations to LDAP.
> >
> > Ed
> >
> > =================
> > Ed Reed
> > Reed-Matthews, Inc.
> > +1 801 796 7065
> > http://www.Reed-Matthews.COM
> >
> > >>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 08/01/00 07:41AM >>>
> > Forwarded to LDUP list
> > >Date: Mon, 31 Jul 2000 16:23:57 -0400
> > >To: ietf-ldapext@OpenLDAP.org
> > >From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
> > >Subject: controlling visability of subentries
> > >
> > >One other issue I would like to raise in regards to LDAP subentry
> > >is the mechanism proposed to control their visibility.  I believe
> > >the approach of overloading the search filter to control visibility
> > >is not the best approach.  As we've found previously, the semantics
> > >of such overloads are difficult to define (and hence implement) when
> > >the filter is complex (which we must assume it will be).
> > >
> > >I believe that LDAPsubentry visibility should be control by
> > a mechanism
> > >more closely modeled after the X.500 subentry visibility mechanism.
> > >In particular, I suggest use of a control.  The use of a control
> > >will allow a clear and concise specification of visibility semantics
> > >which facilitates implementation and use.
> > >
> > >Comments?
> > >
> > >        Kurt
> >
> >

Follow-Ups:
- RE: Fwd: controlling visability of subentries
  - From: "Albert Langer" <Albert.Langer@Directory-Designs.org>

References:
- RE: Fwd: controlling visability of subentries
  - From: "Volpers, Helmut" <helmut.volpers@icn.siemens.de>

Prev by Date: Stock Pick of the Week
Next by Date: RE: Fwd: controlling visability of subentries
Index(es):
- Chronological
- Thread