[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fwd: controlling visability of subentries

To: "Volpers, Helmut" <helmut.volpers@icn.siemens.de>
Subject: Re: Fwd: controlling visability of subentries
From: sanjay jain <sanjay.jain@software.com>
Date: Thu, 19 Oct 2000 10:21:36 -0700
Cc: "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.org>, Ed Reed <eer@OnCallDBA.COM>, ietf-ldup@imc.org, ietf-ldapext@netscape.com
Organization: Software.Com
References: <E1EB691EEC98D311A7CC0050DA3D8357689194@pappel.mch.sni.de>


"Volpers, Helmut" wrote:

> I think Kurt is right. It's the simplest solution.
> Does this mean that an LDAPServer should never gives a subentry in the
> search result if this control is not set ?

I guess, going with the new scheme would require change in the
following text from RFC 2251:

" Clients MUST only retrieve attributes from a subschema entry by
   requesting a base object search of the entry, where the search filter
   is "(objectClass=subschema)". (This will allow LDAPv3 servers which
   gateway to X.500(93) to detect that subentry information is being
   requested.) "

Any backward compatibility issues (existing clients
using RFC 2251 scheme to read subschema subentries) ?

>
>
> Helmut
>
> > -----Original Message-----
> > From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
> > Sent: Thursday, October 19, 2000 4:18 PM
> > To: Ed Reed
> > Cc: ietf-ldup@imc.org; ietf-ldapext@netscape.com
> > Subject: Re: Fwd: controlling visability of subentries
> >
> >
> > I prefer option 1 as it is simple, adequately resolves this issue,
> > and is consistent with other such extensions (e.g. manageDsaIT
> > control).  As LDAP subentry TS is an elective extension to the
> > LDAP protocol, I believe this to be best.  I would prefer
> > to keep "future work" off this particular table so that we might
> > reach closure on the LDAP subentry TS soon.
> >
> > Kurt
> >
> > At 09:24 PM 10/18/00 -0600, Ed Reed wrote:
> > >Okay, Kurt - I've reviewed what X.511 specifies for the
> > service control
> > >used to control subentry visibility.  What is your opinion
> > on what we should
> > >do in LDAP?
> > >
> > >1) create a control which has no parameters, but has the
> > effect that when
> > >it is present, it is interpreted identically to an X.511
> > service control with the
> > >subentries bit set TRUE; or
> > >
> > >2) create a control which has a parameter identical to the
> > service control
> > >specified by X.511.  This would have the effect of providing
> > a lot of the
> > >additional controls needed to add distributed operations to
> > LDAP (including
> > >preferChaining, chainingProhibited, etc.), but would also
> > provide things
> > >like timeLimit, sizeLimit, scopeOfReferral, and
> > attributeSizeLimit, etc.
> > >In X.511, the serviceControls are among the CommonArguments included
> > >with each request.
> > >
> > >I suppose we could consider the list of controls in LDAP
> > providing the
> > >equivalent to the set of CommonArguments.
> > >
> > >What's your take?  1 would be easier to document.  2 would lay
> > >important groundwork that should be considered in the
> > context of future
> > >work to add distributed operations to LDAP.
> >
> >

Follow-Ups:
- Re: Fwd: controlling visability of subentries
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Fwd: controlling visability of subentries
  - From: Mark Smith <mcs@netscape.com>

References:
- RE: Fwd: controlling visability of subentries
  - From: "Volpers, Helmut" <helmut.volpers@icn.siemens.de>

Prev by Date: RE: Fwd: controlling visability of subentries
Next by Date: Re: Fwd: controlling visability of subentries
Index(es):
- Chronological
- Thread