[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Fwd: controlling visability of subentries

To: <helmut.volpers@icn.siemens.de>, <Kurt@OpenLDAP.org>
Subject: RE: Fwd: controlling visability of subentries
From: "Ed Reed" <eer@OnCallDBA.COM>
Date: Thu, 19 Oct 2000 10:49:48 -0600
Cc: <ietf-ldup@imc.org>, <ietf-ldapext@netscape.com>
Content-disposition: inline

Yes - to follow the model of X.511, the following will apply:

If the control is present, then NO other
entries will be considered for return to a search operation, though other
entries may be referenced in the base of the search, and normal ACI
policy will be inforced.  

If the control is NOT present, then NO subentries
will be considered for return to a search operation.

=================
Ed Reed
Reed-Matthews, Inc.
+1 801 796 7065
http://www.Reed-Matthews.COM

>>> "Volpers, Helmut" <helmut.volpers@icn.siemens.de> 10/19/00 08:39AM >>>
I think Kurt is right. It's the simplest solution.
Does this mean that an LDAPServer should never gives a subentry in the 
search result if this control is not set ?

Helmut

> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org] 
> Sent: Thursday, October 19, 2000 4:18 PM
> To: Ed Reed
> Cc: ietf-ldup@imc.org; ietf-ldapext@netscape.com 
> Subject: Re: Fwd: controlling visability of subentries
> 
> 
> I prefer option 1 as it is simple, adequately resolves this issue,
> and is consistent with other such extensions (e.g. manageDsaIT
> control).  As LDAP subentry TS is an elective extension to the
> LDAP protocol, I believe this to be best.  I would prefer
> to keep "future work" off this particular table so that we might
> reach closure on the LDAP subentry TS soon.
> 
> Kurt
> 
> At 09:24 PM 10/18/00 -0600, Ed Reed wrote:
> >Okay, Kurt - I've reviewed what X.511 specifies for the 
> service control
> >used to control subentry visibility.  What is your opinion 
> on what we should
> >do in LDAP?
> >
> >1) create a control which has no parameters, but has the 
> effect that when
> >it is present, it is interpreted identically to an X.511 
> service control with the
> >subentries bit set TRUE; or
> >
> >2) create a control which has a parameter identical to the 
> service control
> >specified by X.511.  This would have the effect of providing 
> a lot of the
> >additional controls needed to add distributed operations to 
> LDAP (including
> >preferChaining, chainingProhibited, etc.), but would also 
> provide things
> >like timeLimit, sizeLimit, scopeOfReferral, and 
> attributeSizeLimit, etc.
> >In X.511, the serviceControls are among the CommonArguments included
> >with each request.
> >
> >I suppose we could consider the list of controls in LDAP 
> providing the
> >equivalent to the set of CommonArguments.  
> >
> >What's your take?  1 would be easier to document.  2 would lay
> >important groundwork that should be considered in the 
> context of future
> >work to add distributed operations to LDAP.
> 
>

Prev by Date: RE: Fwd: controlling visability of subentries
Next by Date: RE: Fwd: controlling visability of subentries
Index(es):
- Chronological
- Thread