[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Fwd: controlling visability of subentries

To: <helmut.volpers@icn.siemens.de>, <Kurt@OpenLDAP.org>
Subject: RE: Fwd: controlling visability of subentries
From: "Ed Reed" <eer@OnCallDBA.COM>
Date: Thu, 19 Oct 2000 07:35:10 -0600
Cc: <ietf-ldup@imc.org>, <ietf-ldapext@netscape.com>
Content-disposition: inline

Hi, Helmut -

The ObjectClass=SUBENTRY approach (call that option 3) was my original
suggestion, but the objection to that is that search filters can quickly become
very complex, particularly if there are other similar "special" filters to add to the
mix, and that pulling them out into a control allows much more clarity of the
search filters themselves.  Reasonable.

So, I agree a control is prefered, and now we need to decide what that
control should look like - and thus my mail note.

In another response, Mark Smith copied the X.511 description of the
service control data strcture which governs subentry visibility as part
of the CommonArguments parameter of X.500 requests.  And he points
out that there is a lot of stuff there that not everyone will support
in the near (or even distant) future.

I suppose the "LDAP" thing to do would be to create a separate control
for subentry visibility, and if some LDAPv3bis work item in the future
wants to consolidate several controls into a single control ala X.511 we
can consider that then.  My current thinking is that makes sense.

But - would like to hear from more of the lists, first.

Thanks,
Ed

=================
Ed Reed
Reed-Matthews, Inc.
+1 801 796 7065
http://www.Reed-Matthews.COM

>>> "Volpers, Helmut" <helmut.volpers@icn.siemens.de> 10/19/00 02:03AM >>>
Hi Ed,

I personally think that solution 2 is the best one, specially for 
the future.
If you take solution 1 it will also work, but at least you will create
a control for every additional service control you will support.
I think to work with a control is a clean solution but the number
of controls increase rapitly and different servers have a lot of
different controls they support.
I think there is the requirement that the protocol has to be compatible
and only some administrative clients will use this feature and a simple
LDAP Client should not been broken.
We handle subentries over LDAP for all update operations like normal entries
and for the search in a special way, so if the filter contains
ObjectClass=SUBENTRY
the search operation is only for subentries and all other search operations
exclude subentries. Is this a problem ?

> -----Original Message-----
> From: Ed Reed [mailto:eer@OnCallDBA.COM] 
> Sent: Thursday, October 19, 2000 5:25 AM
> To: Kurt@OpenLDAP.org 
> Cc: ietf-ldup@imc.org; ietf-ldapext@netscape.com 
> Subject: Re: Fwd: controlling visability of subentries
> 
> 
> Okay, Kurt - I've reviewed what X.511 specifies for the 
> service control
> used to control subentry visibility.  What is your opinion on 
> what we should
> do in LDAP?
> 
> 1) create a control which has no parameters, but has the 
> effect that when
> it is present, it is interpreted identically to an X.511 
> service control with the
> subentries bit set TRUE; or
> 
> 2) create a control which has a parameter identical to the 
> service control
> specified by X.511.  This would have the effect of providing 
> a lot of the
> additional controls needed to add distributed operations to 
> LDAP (including
> preferChaining, chainingProhibited, etc.), but would also 
> provide things
> like timeLimit, sizeLimit, scopeOfReferral, and 
> attributeSizeLimit, etc.
> In X.511, the serviceControls are among the CommonArguments included
> with each request.
> 
> I suppose we could consider the list of controls in LDAP providing the
> equivalent to the set of CommonArguments.  
> 
> What's your take?  1 would be easier to document.  2 would lay
> important groundwork that should be considered in the context 
> of future
> work to add distributed operations to LDAP.
> 
> Ed
> 
> =================
> Ed Reed
> Reed-Matthews, Inc.
> +1 801 796 7065
> http://www.Reed-Matthews.COM 
> 
> >>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 08/01/00 07:41AM >>>
> Forwarded to LDUP list
> >Date: Mon, 31 Jul 2000 16:23:57 -0400
> >To: ietf-ldapext@OpenLDAP.org 
> >From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
> >Subject: controlling visability of subentries
> >
> >One other issue I would like to raise in regards to LDAP subentry
> >is the mechanism proposed to control their visibility.  I believe
> >the approach of overloading the search filter to control visibility
> >is not the best approach.  As we've found previously, the semantics
> >of such overloads are difficult to define (and hence implement) when
> >the filter is complex (which we must assume it will be).
> >
> >I believe that LDAPsubentry visibility should be control by 
> a mechanism
> >more closely modeled after the X.500 subentry visibility mechanism.
> >In particular, I suggest use of a control.  The use of a control
> >will allow a clear and concise specification of visibility semantics
> >which facilitates implementation and use. 
> >
> >Comments?
> >
> >        Kurt
> 
>

Prev by Date: Re: Fwd: controlling visability of subentries
Next by Date: Re: Fwd: controlling visability of subentries
Index(es):
- Chronological
- Thread