[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: subentries comments

To: "'Rob Byrne - Sun Microsystems'" <robert.byrne@sun.com>, "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.org>
Subject: RE: subentries comments
From: "Steven Legg" <steven.legg@adacel.com.au>
Date: Fri, 7 Dec 2001 13:57:09 +1100
Cc: <ietf-ldapext@netscape.com>
Importance: Normal
In-reply-to: <3C0F958E.8DCAE302@sun.com>

Rob,

Rob Byrne wrote:
> "Kurt D. Zeilenga" wrote:
> > We don't transfer mechanism, we adapt them while maintaining the
> > consistent semantics.  That is, the LDAP access to subentries uses
> > different mechanisms than DAP, but both are semantically consistent.
> 
> Kurt,
> 
> You point out below that in fact you have introduced a 
> difference, namely in the
> retrieval behaviour when no control is attached.

The last paragraph in section 1 needs rewording. The detailed
description in section 3 is correct.

In DAP, if the ServiceControls.options is absent then subentries
are not visible to one-level and subtree search operations and
list operations. In LDAP, if the subentries control is absent
then subentries are not visible to subtree and one-level searches.
The means are different but the semantics are the same.

Note that the sense of the LDAP control is the reverse of the
subentries bit in ServiceControls.options. The value FALSE for
the control is equivalent to the subentries bit being set.

The only behavioural difference is that an LDAP base object search
without the subentries control sees both entries and subentries
while a DAP base object search without ServiceControls.options does
not see subentries (but should, in my opinion). However, a DAP read
operation sees both. If gateways translate LDAP base object searches
without the control into DAP reads the behaviour is the same.  

>  This 
> difference and the
> subsequent control definition means that you have failed to 
> reproduce a
> behaviour that exists with x500 subentries, namely the 
> ability to recover both
> normal and subentries in one request.

It isn't possible in X.500 to retrieve both entries and subentries
in the same request. The LDAP control is consistent with that.

> I think that will be 
> very painful for
> manageability.

I haven't found it to be so.

> 
> How about changing the meaning of TRUE in the controlValue to 
> mean "retrieve
> both normal and subentries" ?  It's still not exactly the 
> same as x500 but it
> seems "usefully closer" to me.

This would require splitting some LDAP search operations into
two DSP chained search operations. I want to avoid that complication.

Regards,
Steven

Follow-Ups:
- Re: subentries comments
  - From: Rob Byrne - Sun Microsystems <robert.byrne@sun.com>

References:
- Re: subentries comments
  - From: Rob Byrne - Sun Microsystems <robert.byrne@sun.com>

Prev by Date: Re: subentries comments
Next by Date: HELP!!! America's heart went with them!
Index(es):
- Chronological
- Thread