RE: LDAPSubentries comments review and request for last callby LDAPEXT and LDUP working groups

["Steven Legg" <steven.legg@adacel.com.au>]

Kurt D. Zeilenga wrote:
> At 08:29 AM 7/19/2001, Ed Reed wrote:
> >LDAP includes, by reference, X.500 subentries, including refinement
>
> Then why are we wasting our time with LDAPsubentries?
> X.500 subentries provides a sound approach, an approach
> proven to work for holding subschema, ACIs, and collective
> attributes.  We certainly don't need an second approach,
> especially one which is inconsistent with the X.500 data
> model which implementations "MUST act in accordance with."

I agree.

I would be very happy for the LDAP subentry model to be a proper subset
of the X.500 administrative model since I already support the X.500
model through LDAP. Having to duplicate that functionality in a slightly
different way for LDAP would be irksome, and the prospect of having to
support two subschema subentries in each subschema area in the DIT,
one conforming to X.500 and one conforming to LDAP, does not fill me
with joy.

The X.500 working group has a current work item for X.500 - LDAP alignment.
If we ask them nicely I'm sure they will modify the subentry definitions
to be more amenable to some of the uses being proposed for LDAP.
For example, the requirement in X.501 that subentries "shall not have
subordinates" could be relaxed to "may only have subentries as
subordinates".
Adding a requirement that subentries with the subschema,
collectiveAttributeSubentry,
accessControlSubentry, etc, auxiliary object classes must be immediately
subordinate to an administration point entry assures backward compatibility
with current uses of subentries while enabling subentry hierarchies for new
subentry auxiliary classes defined for LDAP.

Regards,
Steven

>
> Kurt
>
>
>