[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] groupOfEntries object class proposal

To: "Liben, Michael (GTI)" <michael_liben@ml.com>
Subject: Re: [ldapext] groupOfEntries object class proposal
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Tue, 18 Sep 2007 15:17:38 +0100
Cc: ldapext@ietf.org, "Ramsay, Ron" <Ron.Ramsay@ca.com>
Content-disposition: inline
In-reply-to: <DD9F4CC53AE89944A5C825781D5E30900199C279@MLNYC727MB.amrs.win.ml.com>
References: <52681ACFF63C114F8A3C3651FC9D301F825312@AUSYMS11.ca.com> <DD9F4CC53AE89944A5C825781D5E30900199C279@MLNYC727MB.amrs.win.ml.com>
User-agent: Mutt/1.5.13 (2006-08-11)

On Tue, Sep 18, 2007 at 09:19:24AM -0400, Liben, Michael (GTI) wrote:

> This approach gets my vote. Is it practical? 
> 
> -----Original Message-----
> From: Ramsay, Ron [mailto:Ron.Ramsay@ca.com] 
> Sent: Monday, September 17, 2007 10:45 PM
> Subject: RE: [ldapext] groupOfEntries object class proposal
> 
> Why not try to get the appropriate RFC revised to make 'member'
> optional?

It is clearly *possible* to change the definitions in most existing
LDAP servers. We know that people do it (breaking the standard in the
process). However, I cannot see IETF accepting the re-definition of an
existing class when a cleaner solution is available. (though if the
community *is* prepared to redefine existing things then I have a much
longer list of targets :-))

Adding a new object class to most servers is very easy. I have direct
experience of this with OpenLDAP, IBM Tivoli Directory Server, and
Oracle Internet Directory. In each case I could give you a small file
and simple instructions to add the groupOfEntries class, so
implementors would not have to wait for server suppliers to roll it
into a new release.

People running existing LDAP systems would have a choice: stick with
groupOfNames and its associated workarounds, or switch to
groupOfEntries. IF they choose to switch, they should audit the
searches and writes done by client applications to see whether any
changes are needed.

People designing new systems would also have the same choice, but
adopting groupOfEntries would give them benefits.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

References:
- RE: [ldapext] groupOfEntries object class proposal
  - From: "Ramsay, Ron" <Ron.Ramsay@ca.com>
- RE: [ldapext] groupOfEntries object class proposal
  - From: "Liben, Michael \(GTI\)" <michael_liben@ml.com>

Prev by Date: RE: [ldapext] groupOfEntries object class proposal
Next by Date: Re: [ldapext] groupOfEntries object class proposal
Index(es):
- Chronological
- Thread