
Re: Fwd: controlling visability of subentries



Syntegra has modified the X500 directory to return an entry for a
base object search.  With X500 logic, a "read" would return the entry,
but no search would return the entry.  With the change, a base level
search returns the entry.

As I read the X500 specs, the flag to return the subentry is an exclusive
flag.  Only subentries are returned or only non-subentries are returned.
An X500 browser needed to make two calls to the directory to read all the
entries in a list command (one-level search).

We added three Syntegra specific controls to pass on the information
about subentries and operational attributes.

Return operational attributes as well as user attributes:

    #define LDAP_C_SETOPERATTR_OID  "2.16.840.1.113531.18.2.4"

Return only subentries:

    #define LDAP_C_SETSUBENTRIES_OID "2.16.840.1.113531.18.2.5"

Return normal entries as well as sub-entries:

    #define LDAP_C_SETALLENTRIES_OID "2.16.840.1.113531.18.2.11"


The complete list of controls added for X500 is:

    /*
     *  Define LDAP controls.
     */
    #define LDAP_C_SETOPTIONS_OID   "2.16.840.1.113531.18.2.1"
    #define LDAP_C_SETDONTUSECOPY_OID "2.16.840.1.113531.18.2.2"
    #define LDAP_C_SETLOCALSCOPE_OID "2.16.840.1.113531.18.2.3"
    #define LDAP_C_SETOPERATTR_OID  "2.16.840.1.113531.18.2.4"
    #define LDAP_C_SETSUBENTRIES_OID "2.16.840.1.113531.18.2.5"
    #define LDAP_C_SETUSEALIAS_OID  "2.16.840.1.113531.18.2.6"
    #define LDAP_C_SETPREFERCHAIN_OID "2.16.840.1.113531.18.2.7"
    #define LDAP_C_SETX500DN_OID    "2.16.840.1.113531.18.2.8"
    #define LDAP_C_SETCOPYSHALLDO_OID "2.16.840.1.113531.18.2.9"
    #define LDAP_C_SETDONTMAPATTRS_OID "2.16.840.1.113531.18.2.10"
    #define LDAP_C_SETALLENTRIES_OID "2.16.840.1.113531.18.2.11"

Thanks.
---
David Cahlander David.A.Cahlander@syntegra.com  651-415-3171


----- Original Message ----- 
From: "Mark Smith" <mcs@netscape.com>

Perhaps.  A reasonable compromise might be to return LDAP subentries in
these two cases:

1) When a returnSubEntries control (to be defined) is present in the
search request.

2) When the scope of the search is baseObject.

Why return LDAP subentries in case 2)?  Because it is more compatible
with 2251.  And because I do not think it does any harm -- if a client
knows the name of a subentry, it might just as well be able to retrieve
it without using any controls.  Comments?

-- 
Mark Smith
Netscape
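
The subentry visibility rules discussed in this thread, written out as a server-side decision function. This is an added example, not part of the original messages and not Syntegra's or Netscape's code. The enum and function names are hypothetical, and two behaviours are assumptions: the all-entries control wins when both controls are sent, and a baseObject search returns the named entry whatever controls are present.

```c
#include <stddef.h>
#include <string.h>

/* OIDs as listed in the message above. */
#define LDAP_C_SETSUBENTRIES_OID "2.16.840.1.113531.18.2.5"
#define LDAP_C_SETALLENTRIES_OID "2.16.840.1.113531.18.2.11"

/* Hypothetical names for this sketch, not a real server API. */
enum scope { SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE };
enum visible { SHOW_NORMAL_ONLY, SHOW_SUBENTRIES_ONLY, SHOW_ALL };

/* Exact string match on the OID: a prefix test would confuse
 * ...18.2.1 (SETOPTIONS) with ...18.2.11 (SETALLENTRIES). */
static int has_control(const char *const *oids, size_t n, const char *want)
{
    for (size_t i = 0; i < n; i++)
        if (oids[i] != NULL && strcmp(oids[i], want) == 0)
            return 1;
    return 0;
}

/* Which entry kinds may a search return, given the request controls? */
enum visible visibility(const char *const *oids, size_t n)
{
    /* Assumption: if both controls are sent, the wider one wins. */
    if (has_control(oids, n, LDAP_C_SETALLENTRIES_OID))
        return SHOW_ALL;
    if (has_control(oids, n, LDAP_C_SETSUBENTRIES_OID))
        return SHOW_SUBENTRIES_ONLY;   /* X.500-style exclusive flag */
    return SHOW_NORMAL_ONLY;           /* default: subentries hidden */
}

/* Returns 1 if the entry may be returned for this search, else 0. */
int entry_returned(enum scope s, const char *const *oids, size_t n,
                   int is_subentry)
{
    /* A baseObject search names the entry directly, so it is returned
     * without any control (the Syntegra change; case 2 in the quote). */
    if (s == SCOPE_BASE)
        return 1;
    switch (visibility(oids, n)) {
    case SHOW_ALL:             return 1;
    case SHOW_SUBENTRIES_ONLY: return is_subentry != 0;
    default:                   return is_subentry == 0;
    }
}
```

With no control on a one-level search, a client sees only normal entries, which is why an X.500-style browser needs a second call with the subentries-only control to list everything.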