
RE: [ldapext] LDAP and subtree specification and subentries



Jochen,

Jochen Keutel wrote:
> Hello,
>   thanks for the clarification. One comment:
> 
> > > Other general question: Is it allowed to search / to modify 
> > > objects of DSE-Type subentry (e.g. 
> > > collective-attribute-subentries) via LDAP?
> > 
> > Yes.
> 
> OK - it's allowed. But it's not really possible because
> I can't express some attributes, e.g. subtreeSpecification, in LDAP.

In the worst case, LDAP allows all attribute and assertion syntaxes
defined in X.500 to be transferred in the LDAP protocol in BER format
by using ";binary".

The extent to which any particular LDAP product supports this capability
is a separate issue.

> 
> You are right: draft-zeilenga-ldap-subentry-03.txt solves
> this problem - but only for subtreeSpecification.
> I still can't see how to express
> the other attributes I usually find in (X.500) subentries, e.g.
> 
> - prescriptiveACI for access control subentries

I have proposed an LDAP-specific encoding for the ACI Item syntax in
draft-legg-ldap-acm-bac-00.txt.

> - DIT content rules and structure rules for subschema subentries

LDAP-specific encodings for these are already defined in RFC 2252.

> - collective attributes for collective attributes subentries
> (e.g. collectiveTelephoneNumber (X.520))

The LDAP-specific encodings for collective attributes are simply the
same as their non-collective counterparts since they share the same
attribute syntaxes.

> 
> The last one seems to be addressed by 
> draft-zeilenga-ldap-collective-06.txt,
> but not the other two kinds of subentries.
> 
> So it seems that today each X.500 vendor has a 
> vendor-specific (or no) representation
> of these subentries when read / modified via LDAP.

Currently, the only LDAP standard representation defined for
things like subtree specifications, ACI items, etc., is the
";binary" representation. This will change. The I-Ds Kurt and
I have submitted complete the definition of human-readable
LDAP-specific encodings for all the subentry operational
attributes.

Regards,
Steven
 
> 
> Best regards,
> 
> Jochen Keutel. 
> 
> ---
> Dr. Jochen Keutel
> Management Consultancy
> Wusterhausener Str. 8
> D-15732 Eichwalde
> Germany
> phone +49 30 678 19189
> mobile +49 177 6572720
> e-mail jochen@keutel.de
> 
> 
> 
> 
> _______________________________________________
> Ldapext mailing list
> Ldapext@ietf.org
> https://www1.ietf.org/mailman/listinfo/ldapext
> 