Re: ACM & Replication (Was: LDAPEXT Minutes)



At 04:16 PM 4/17/01, Richard V Huber wrote:
>: Are you saying here that LDAP ACM would be used to control what
>: was replicated between servers?  That seems presumptive.
>
>No, replication agreements control what is replicated among servers.
>
>All I'm saying is that the format specified by the ACM for representing
>access control information on the wire is also the format LDUP should
>use to transport access control information during replication.  So
>there should be a few additions to the ACM draft to clarify this
>additional intended use.

It seems to me that the need for this clarification is this
statement in Section 2:
  No mechanism is defined in this document for storage of
  access control information at the server beyond indicating
  that the attribute holding access control information is an
  operational attribute.

This statement I find odd as LDAP doesn't define any mechanism
for storage of any information beyond that of the data model.
Like any other attribute, the server is free to store it as it
pleases.

I think it unwise to add a replication-specific clarification.
What's needed is a data model clarification... that is, servers
MUST implement ldapACI and other attributes in accordance with
the X.500 data and service model per RFC 2251, 3.3.

Kurt