Re: [ldapext] ManageDsaIT control vs. parent referral objects

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 08:04 AM 5/7/2004, Hallvard B Furuseth wrote:
>RFC 3296 says:
>> 3.  The ManageDsaIT Control
>> 
>>    The control causes Directory-specific
>>    entries (DSEs), regardless of type, to be treated as normal entries
>>    allowing clients to interrogate and update these entries using LDAP
>>    operations.
>
>This control would make more sense to me if it did not apply to superior
>referral entries of the entries that are considered by the operation.
>For example, as far as I can tell from rfc3296, one can now use the
>manageDSAIT control to add subordinate entries below referral entries.

I think that reading is a bit far fetched.  One of the
fundamentals of the LDAP service model is that the result of
any modification of the directory (whether to the DIT or a
DSA IT) must result in a consistent directory state.

Maybe the text would be more easily understood if
        s/normal entries/entries in the protocol/

The control affects the semantics of the protocol operation, it
doesn't alter the underlying directory and/or DSA information models.

>I haven't got X.511(97); how does its ManageDsaIT service option work
>in this respect?

The ManageDsaIT service option, like the ManageDsaIT, indicates
that the operation acts with a Dsa IT management plane instead
of DIT.

RFC 3296 use of the term "normal" means only that, objects within
the selected Dsa It management plane are treated in the protocol
as if they were objects in the DIT.

I note that once LDAPBIS wraps up its work revising the 'core'
TS, I intend to undertake a major revision of this RFC.  In
particular, I plan to incorporate most (if not all) of Steven's
Directory Admin Models I-D
<http://www.watersprings.org/pub/id/draft-legg-ldap-admin-01.txt>
into the revision.

Kurt 


_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext