Re: Fwd: controlling visability of subentries

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 10:21 AM 10/19/00 -0700, sanjay jain wrote:
>"Volpers, Helmut" wrote:
>
>> I think Kurt is right. It's the simplest solution.
>> Does this mean that an LDAPServer should never gives a subentry in the
>> search result if this control is not set ?
>
>I guess, going with the new scheme would require change in the
>following text from RFC 2251:
>
>" Clients MUST only retrieve attributes from a subschema entry by
>   requesting a base object search of the entry, where the search filter
>   is "(objectClass=subschema)". (This will allow LDAPv3 servers which
>   gateway to X.500(93) to detect that subentry information is being
>   requested.) "
>
>Any backward compatibility issues (existing clients
>using RFC 2251 scheme to read subschema subentries) ?

Yes.  And they will have to be addressed in due course.

I suggest the LDAP subentry I-D itself not directly address issues
surrounding the LDAP subschema "entry (or subentry)" as described in
RFC 2251.  This is better left to LDAPbis efforts.

Some of the issues are:
  RFC 2251 says "subschema entry (or subentry)"
  RFC 2251 is referring to X.500's subentry
  LDAP subentry != X.500 subentry
  Support for subentries (of any flavor) is optional in LDAP
    (as currently defined).
  RFC 2251 ONLY allows "(objectClass=subschema)" and
    clients often want to apply more complex filters
    (such as an objectClasses or attributeTypes assertion)

I suggest discussing regarding the updating of RFC 2251 and
other core documents be moved to the LDAPbis mailing list
<ietf-ldapbis@openldap.org>.

Kurt