[ldapext] Re: draft-ietf-boreham-numsubordinates-01.txt

["David Boreham" <david@bozemanpass.com>]

> Firstly I'm curious as to what `numSubordinates' identifies as being a
> subordinate?
> Eg. Is a subentry counted as a subordinate?

Good question, and I remember this coming up when I implemented the feature.
My vote would be to not count subentries, but I'm interested to hear what
other folks think.

> The SYNTAX is incorrect. It should be 1.3.6.1.4.1.1466.115.121.1.27

Thanks. I suspect this was a typo as I had an old copy
of the document with the correct syntax OID (which I
un-corrected thinking that it was an error since it didn't
match the 1999 version of the document).

> >Servers MUST ensure that the value returned in the numSubordinates
> >attibute to clients is consistent with the view that client has of other
> >server contents.
>
> Is this suggesting that the numSubordinates value should take access
control
> information into consideration, and only provide an indication of how many
> subordinate entries the user has access to?

Yes.

> >The  X.500  hasSubordinates  operational  attribute[ITU-X501] can be
> >regarded  as indicating whether numSubordinates has a non-zero value for
> >the same entry. This leads to the potential for optimization in a server
> >implementation, in that it isn't necessary to store both values.
>
> This may not be exactly the case, as a TRUE value of the `hasSubordinates'
> attribute only indicates that subordinates _may_ exist.
> As stated in X501:
>
> A value of TRUE may be returned when no subordinates exist if all possible
> subordinates are available only through a
> non-specific subordinate reference (see ITU-T Rec. X.518 | ISO/IEC 9594-4)
> or if the only subordinates are subentries or child
> family members.

Hmm...interesting. I'm happy to remove the paragraph referencing X.501.




_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext