[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Fwd: controlling visability of subentries

To: "Salter, Thomas A" <Thomas.Salter@unisys.com>
Subject: RE: Fwd: controlling visability of subentries
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 19 Oct 2000 17:20:18 -0700
Cc: ietf-ldup@imc.org, ietf-ldapext@netscape.com, ietf-ldapbis@OpenLDAP.org
In-reply-to: <EB21C070AA75D311A0AC0090271EC45C052D1AA1@us-tr-exch-1.tr.u nisys.com>

At 03:30 PM 10/19/00 -0400, Salter, Thomas A wrote:
>Your [Mark Smith's] option 2 [scope base] is the X.500 definition.  The subentries control applies to
>one-level and whole tree searches and lists, but not to baseObject or read.
>You can always get the entry with its name.

That's an interesting point.

RFC 2251 says "(objectclass=subentry)" was introduced to "allow
LDAPv3 servers which gateway to X.500(93) to detect that subentry
information is being requested."  However, given that the
requirement is for a scope base search, an LDAP/DAP gateway could
do a direct translation of the request and the appropriate
subentry would be returned by the DAP server to the gateway for
the LDAP client.  So my question is: why does a LDAP/DAP gateway
need to detect that the request is for a subentry?

Kurt

PS: I've cc'ed ietf-ldapbis@openldap.org


> > -----Original Message-----
> > From: Mark Smith [mailto:mcs@netscape.com]
> > Sent: Thursday, October 19, 2000 2:39 PM
> > To: sanjay jain
> > Cc: Volpers Helmut; 'Kurt D. Zeilenga'; Ed Reed; ietf-ldup@imc.org;
> > ietf-ldapext@netscape.com
> > Subject: Re: Fwd: controlling visability of subentries
> > 
> > 
> > sanjay jain wrote:
> > > 
> > > "Volpers, Helmut" wrote:
> > > 
> > > > I think Kurt is right. It's the simplest solution.
> > > > Does this mean that an LDAPServer should never gives a 
> > subentry in the
> > > > search result if this control is not set ?
> > > 
> > > I guess, going with the new scheme would require change in the
> > > following text from RFC 2251:
> > > 
> > > " Clients MUST only retrieve attributes from a subschema entry by
> > >    requesting a base object search of the entry, where the 
> > search filter
> > >    is "(objectClass=subschema)". (This will allow LDAPv3 
> > servers which
> > >    gateway to X.500(93) to detect that subentry 
> > information is being
> > >    requested.) "
> > > 
> > > Any backward compatibility issues (existing clients
> > > using RFC 2251 scheme to read subschema subentries) ?
> > 
> > Perhaps.  A reasonable compromise might be to return LDAP 
> > subentries in
> > these two cases:
> > 
> > 1) When a returnSubEntries control (to be defined) is present in the
> > search request.
> > 
> > 2) When the scope of the search is baseObject.
> > 
> > Why return LDAP subentries in case 2)?  Because it is more compatible
> > with 2251.  And because I do not think it does any harm -- 
> > if a client
> > knows the name of a subentry, it might just as well be able 
> > to retrieve
> > it without using any controls.  Comments?
> > 
> > -- 
> > Mark Smith
> > Netscape
> >

Prev by Date: Make $30,000 Part Time -JJNX
Next by Date: RE: Fwd: controlling visability of subentries
Index(es):
- Chronological
- Thread