[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] Re: draft-ietf-boreham-numsubordinates-01.txt

I'd vote for including subentries as well...
You can have a numSubordinate != 0 and not being able to see children entries (due to access controls).
But having numSubordinate = 0 and getting a NON_LEAF error when deleting the entry will be be perceived as more confusing.

Ludovic.


John McMeeking wrote:



I'd vote for including subentries.

The X.501 text allows hasSubordinate to be true if the only children are
subentries.  It seems a bit inconsistent to return hasSubordinates=TRUE and
numSubordinates=0.  I would expect that there will be cases (no access,
subentries, maybe other cases) where numSubordinates or hasSubordinates
will indicate the presence of entries that don't seem to be there.

John  McMeeking



"David Boreham" <david@bozemanpas To: <andrews@adacel.com.au>, <S.Kille@ISODE.COM>, "'Ldapext s.com> (E-mail)'" <ldapext@ietf.org> Sent by: cc: ldapext-admin@iet Subject: [ldapext] Re: draft-ietf-boreham-numsubordinates-01.txt f.org 10/23/2003 09:03 PM






Firstly I'm curious as to what `numSubordinates' identifies as being a
subordinate?
Eg. Is a subentry counted as a subordinate?



Good question, and I remember this coming up when I implemented the
feature.
My vote would be to not count subentries, but I'm interested to hear what
other folks think.



The SYNTAX is incorrect. It should be 1.3.6.1.4.1.1466.115.121.1.27



Thanks. I suspect this was a typo as I had an old copy
of the document with the correct syntax OID (which I
un-corrected thinking that it was an error since it didn't
match the 1999 version of the document).



Servers MUST ensure that the value returned in the numSubordinates
attibute to clients is consistent with the view that client has of other
server contents.


Is this suggesting that the numSubordinates value should take access


control


information into consideration, and only provide an indication of how


many


subordinate entries the user has access to?



Yes.



The X.500 hasSubordinates operational attribute[ITU-X501] can be
regarded as indicating whether numSubordinates has a non-zero value for
the same entry. This leads to the potential for optimization in a server
implementation, in that it isn't necessary to store both values.


This may not be exactly the case, as a TRUE value of the


`hasSubordinates'


attribute only indicates that subordinates _may_ exist.
As stated in X501:

A value of TRUE may be returned when no subordinates exist if all


possible


subordinates are available only through a
non-specific subordinate reference (see ITU-T Rec. X.518 | ISO/IEC


9594-4)


or if the only subordinates are subentries or child
family members.



Hmm...interesting. I'm happy to remove the paragraph referencing X.501.




_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext



_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext




_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext