[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
concensus, I think: controlling visability of subentries
David - I've heard several others voice the same opinion, and I'm
glad to see you endorse the KISS principle, too.
My reading of the concensus and arguments is to go with option 1.
So be it.
Ed
>>> "David Chadwick" <d.w.chadwick@salford.ac.uk> 10/21/00 02:17PM >>>
Date sent: Wed, 18 Oct 2000 21:24:49 -0600
From: "Ed Reed" <eer@OnCallDBA.COM>
To: <Kurt@OpenLDAP.org>
Copies to: <ietf-ldup@imc.org>, <ietf-ldapext@netscape.com>
Subject: Re: Fwd: controlling visability of subentries
> Okay, Kurt - I've reviewed what X.511 specifies for the service
> control used to control subentry visibility. What is your opinion on
> what we should do in LDAP?
Ed
I prefer option 1 for the following reasons
i) several of the common arguments are already in LDAP e.g size
limit so we dont want to add them again
ii) at least one is already a LDAPv3 control e.g. manageDSAIT
iii) we have had previous battles over some of the other common
arguments (esp dontUseCopy) and there was no concensus to add
them
so it would not be sensible to add them all in one go.
KISS
David
>
> 1) create a control which has no parameters, but has the effect that
> when it is present, it is interpreted identically to an X.511 service
> control with the subentries bit set TRUE; or
>
> 2) create a control which has a parameter identical to the service
> control specified by X.511. This would have the effect of providing a
> lot of the additional controls needed to add distributed operations to
> LDAP (including preferChaining, chainingProhibited, etc.), but would
> also provide things like timeLimit, sizeLimit, scopeOfReferral, and
> attributeSizeLimit, etc. In X.511, the serviceControls are among the
> CommonArguments included with each request.
>
> I suppose we could consider the list of controls in LDAP providing the
> equivalent to the set of CommonArguments.
>
> What's your take? 1 would be easier to document. 2 would lay
> important groundwork that should be considered in the context of
> future work to add distributed operations to LDAP.
>
> Ed
>
> =================
> Ed Reed
> Reed-Matthews, Inc.
> +1 801 796 7065
> http://www.Reed-Matthews.COM
>
> >>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 08/01/00 07:41AM >>>
> Forwarded to LDUP list
> >Date: Mon, 31 Jul 2000 16:23:57 -0400
> >To: ietf-ldapext@OpenLDAP.org
> >From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
> >Subject: controlling visability of subentries
> >
> >One other issue I would like to raise in regards to LDAP subentry is
> >the mechanism proposed to control their visibility. I believe the
> >approach of overloading the search filter to control visibility is
> >not the best approach. As we've found previously, the semantics of
> >such overloads are difficult to define (and hence implement) when the
> >filter is complex (which we must assume it will be).
> >
> >I believe that LDAPsubentry visibility should be control by a
> >mechanism more closely modeled after the X.500 subentry visibility
> >mechanism. In particular, I suggest use of a control. The use of a
> >control will allow a clear and concise specification of visibility
> >semantics which facilitates implementation and use.
> >
> >Comments?
> >
> > Kurt
>
>
>
***************************************************
David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J
***************************************************
=================
Ed Reed
Reed-Matthews, Inc.
+1 801 796 7065
http://www.Reed-Matthews.COM