[Date Prev][Date Next] [Chronological] [Thread] [Top]

[ldapext] draft-ietf-boreham-numsubordinates-01.txt

To: <S.Kille@ISODE.COM>, <david@bozemanpass.com>, "'Ldapext \(E-mail\)'" <ldapext@ietf.org>
Subject: [ldapext] draft-ietf-boreham-numsubordinates-01.txt
From: "Andrew Sciberras" <andrews@adacel.com.au>
Date: Fri, 24 Oct 2003 11:50:32 +1000
Importance: Normal

Hi,

Just some comments regarding draft-ietf-boreham-numsubordinates-01.txt.

Firstly I'm curious as to what `numSubordinates' identifies as being a
subordinate?
Eg. Is a subentry counted as a subordinate?


>4. Attribute Definition
>
>   ( 1.3.6.1.4.1.453.16.2.103 NAME 'numSubordinates'
>     DESC 'count of immediate subordinates'
>     EQUALITY integerMatch ORDERING integerOrderingMatch
>     SYNTAX 1.3.6.1.4.1.453.16.2.103
>     SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
>
>   numSubordinates ATTRIBUTE ::= {
>	WITH SYNTAX		INTEGER
>	USAGE			directoryOperation
>	SINGLEVALUED		TRUE
> 	NO USER MODIFICATION	TRUE
>	ID			{dod internet(1) private(4)
>				enterprises(1) isode-consortium(453)
>				ic-dsa(16) ic-dsa-at(2) 103}
>   }

The SYNTAX is incorrect. It should be 1.3.6.1.4.1.1466.115.121.1.27


> 5. Client-Server Interaction

>Servers MUST ensure that the value returned in the numSubordinates
>attibute to clients is consistent with the view that client has of other
>server contents.

Is this suggesting that the numSubordinates value should take access control
information into consideration, and only provide an indication of how many
subordinate entries the user has access to?


>6.  Relationship to hasSubordinates
>
>The  X.500  hasSubordinates  operational  attribute[ITU-X501] can be
>regarded  as indicating whether numSubordinates has a non-zero value for
>the same entry. This leads to the potential for optimization in a server
>implementation, in that it isn't necessary to store both values.

This may not be exactly the case, as a TRUE value of the `hasSubordinates'
attribute only indicates that subordinates _may_ exist.
As stated in X501:

A value of TRUE may be returned when no subordinates exist if all possible
subordinates are available only through a
non-specific subordinate reference (see ITU-T Rec. X.518 | ISO/IEC 9594-4)
or if the only subordinates are subentries or child
family members.


Cheers,
Andrew Sciberras
Adacel Technologies Ltd



_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

Follow-Ups:
- Re: [ldapext] draft-ietf-boreham-numsubordinates-01.txt
  - From: Michael Ströder <michael@stroeder.com>
- [ldapext] Re: draft-ietf-boreham-numsubordinates-01.txt
  - From: "David Boreham" <david@bozemanpass.com>

Prev by Date: Re: [ldapext] RFC3296 review
Next by Date: Re: [ldapext] draft-ietf-boreham-numsubordinates-01.txt
Index(es):
- Chronological
- Thread