[ldapext] Dynamic group draft
- To: Ldapext <ldapext@ietf.org>, Jim Sermersheim <jimse@novell.com>
- Subject: [ldapext] Dynamic group draft
- From: Howard Chu <hyc@highlandsun.com>
- Date: Wed, 07 Feb 2007 16:21:56 -0800
http://www.ietf.org/internet-drafts/draft-haripriya-dynamicgroup-02.txt

It's funny that this has come up since we've been having discussions of
these same points on the OpenLDAP-Devel mailing list recently. I hadn't
seen any prior versions of this draft before; can you point me to a
forum where it had been discussed?

Some comments/questions about this draft, mostly trivial:

While I don't think there was ever a formal spec published, a lot of
vendors already use the memberURL attribute that Netscape defined for
their default dynamic group implementation. Why did you feel it was
necessary to define a new "memberQueryURL" attribute that is essentially
identical in meaning to memberURL?

There are some obvious errors in this document: you list the
uniqueMember attribute with OID 2.5.4.32 inheriting from
distinguishedName, but 2.5.4.32 is actually the owner attribute.
uniqueMember is 2.5.4.50 and cannot inherit from distinguishedName since
it is of NameAndOptionalUUID syntax, not distinguishedName syntax.

There's a lack of symmetry here - "excludedMember" is used for both
member and uniqueMember but it shouldn't be since the two syntaxes are
not the same. You need an excludedUniqueMember attribute to provide the
relevant functionality.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
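
The schema errors raised in the message can be caught mechanically. The following is an added example, not part of the original message or the draft: it lints an attribute type definition against the RFC 4519 reference definitions for OID collisions and for a syntax changed through SUP inheritance. The `DRAFT` entry is constructed from the email's description, and the function names are hypothetical.

```python
import re

# Reference attribute types as published in RFC 4519.
RFC4519 = [
    "( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
    "( 2.5.4.31 NAME 'member' SUP distinguishedName )",
    "( 2.5.4.32 NAME 'owner' SUP distinguishedName )",
    "( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )",
]
# Constructed from the email's description of the draft, not copied from it.
DRAFT = ["( 2.5.4.32 NAME 'uniqueMember' SUP distinguishedName )"]

def parse(defn):
    """Pull OID, NAME, SUP and SYNTAX out of a single-name definition."""
    head = re.match(r"\(\s*([\d.]+)\s+NAME\s+'([^']+)'", defn)
    sup = re.search(r"\bSUP\s+([\w.-]+)", defn)
    syn = re.search(r"\bSYNTAX\s+([\d.]+)", defn)
    return {"oid": head.group(1), "name": head.group(2),
            "sup": sup.group(1) if sup else None,
            "syntax": syn.group(1) if syn else None}

def effective_syntax(attr, by_name):
    """Follow SUP links until a definition that states its SYNTAX."""
    while attr and attr["syntax"] is None:
        attr = by_name.get((attr["sup"] or "").lower())
    return attr["syntax"] if attr else None

def lint(candidates, reference):
    """Report OID collisions, wrong OIDs and syntax changes vs. the reference."""
    ref = [parse(d) for d in reference]
    by_name = {a["name"].lower(): a for a in ref}
    by_oid = {a["oid"]: a for a in ref}
    findings = []
    for cand in map(parse, candidates):
        holder = by_oid.get(cand["oid"])
        if holder and holder["name"].lower() != cand["name"].lower():
            findings.append(f"{cand['name']}: OID {cand['oid']} belongs to {holder['name']}")
        known = by_name.get(cand["name"].lower())
        if known and known["oid"] != cand["oid"]:
            findings.append(f"{cand['name']}: registered OID is {known['oid']}")
        if known:
            want, got = effective_syntax(known, by_name), effective_syntax(cand, by_name)
            if want != got:
                findings.append(f"{cand['name']}: syntax {got} via SUP, expected {want}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(DRAFT, RFC4519)))
```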