I'd vote for including subentries.
The X.501 text allows hasSubordinates to be true if the only children are
subentries. It seems a bit inconsistent to return hasSubordinates=TRUE and
numSubordinates=0. I would expect that there will be cases (no access,
subentries, maybe other cases) where numSubordinates or hasSubordinates
will indicate the presence of entries that don't seem to be there.
John McMeeking
"David Boreham" <david@bozemanpass.com>
Sent by: ldapext-admin@ietf.org
10/23/2003 09:03 PM
To: <andrews@adacel.com.au>, <S.Kille@ISODE.COM>, "'Ldapext (E-mail)'" <ldapext@ietf.org>
cc:
Subject: [ldapext] Re: draft-ietf-boreham-numsubordinates-01.txt

Firstly I'm curious as to what `numSubordinates' identifies as being a
subordinate?
Eg. Is a subentry counted as a subordinate?

Good question, and I remember this coming up when I implemented the
feature.
My vote would be to not count subentries, but I'm interested to hear what
other folks think.

The SYNTAX is incorrect. It should be 1.3.6.1.4.1.1466.115.121.1.27

Thanks. I suspect this was a typo as I had an old copy
of the document with the correct syntax OID (which I
un-corrected thinking that it was an error since it didn't
match the 1999 version of the document).

Servers MUST ensure that the value returned in the numSubordinates
attribute to clients is consistent with the view that client has of other
server contents.

Is this suggesting that the numSubordinates value should take access control
information into consideration, and only provide an indication of how many
subordinate entries the user has access to?

Yes.

The X.500 hasSubordinates operational attribute[ITU-X501] can be
regarded as indicating whether numSubordinates has a non-zero value for
the same entry. This leads to the potential for optimization in a server
implementation, in that it isn't necessary to store both values.

This may not be exactly the case, as a TRUE value of the `hasSubordinates'
attribute only indicates that subordinates _may_ exist.
As stated in X501:
A value of TRUE may be returned when no subordinates exist if all possible
subordinates are available only through a
non-specific subordinate reference (see ITU-T Rec. X.518 | ISO/IEC 9594-4)
or if the only subordinates are subentries or child
family members.

Hmm...interesting. I'm happy to remove the paragraph referencing X.501.
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
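
An added illustration of the points raised in this thread (not code from the draft or from any server implementation): a toy in-memory directory where numSubordinates is computed per requester after access control, with a switch for whether subentries are counted, next to the X.501-style hasSubordinates. The DNs, the `readers` ACL model and all function names are constructed for the example, and the DN split on the first comma is a simplification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    dn: str
    readers: frozenset          # constructed ACL model: identities allowed to see the entry
    is_subentry: bool = False   # stands in for an entry of object class "subentry"

PEOPLE = "ou=people,dc=example,dc=com"
POLICIES = "ou=policies,dc=example,dc=com"

# Constructed sample tree: two users and one subentry under PEOPLE,
# and a container (POLICIES) whose only child is a subentry.
DIT = [
    Entry("uid=alice," + PEOPLE, frozenset({"admin", "hr"})),
    Entry("uid=bob," + PEOPLE, frozenset({"admin"})),
    Entry("cn=acl," + PEOPLE, frozenset({"admin"}), is_subentry=True),
    Entry("cn=pwd," + POLICIES, frozenset({"admin"}), is_subentry=True),
]

def parent_dn(dn):
    # Simplification: assumes no escaped commas in the leading RDN.
    return dn.split(",", 1)[1] if "," in dn else ""

def unfiltered_count(base):
    # What a server would return if it ignored access control and subentries.
    return sum(1 for e in DIT if parent_dn(e.dn) == base)

def num_subordinates(base, requester, count_subentries=False):
    # Count only immediate children the requester could also find by searching,
    # so the value is consistent with that client's view of the tree.
    return sum(
        1 for e in DIT
        if parent_dn(e.dn) == base
        and requester in e.readers
        and (count_subentries or not e.is_subentry)
    )

def has_subordinates_x501(base):
    # X.501 wording quoted in the thread: TRUE is allowed even when the only
    # subordinates are subentries, so it is not simply numSubordinates > 0.
    return any(parent_dn(e.dn) == base for e in DIT)

if __name__ == "__main__":
    for who in ("admin", "hr", "anonymous"):
        print(who, num_subordinates(PEOPLE, who), "of", unfiltered_count(PEOPLE))
    print("policies:", has_subordinates_x501(POLICIES),
          num_subordinates(POLICIES, "admin"))
```

For the POLICIES container this gives hasSubordinates TRUE with numSubordinates 0 when subentries are not counted, which is the combination discussed in the reply at the top of the thread.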