[Date Prev][Date Next]
I've often thought about adding support here, but it looks like an
all-or-nothing proposition. I.e., when you have a server that uses
ditStructureRules, you must actually define a full set of rules otherwise you
cannot add any user entries to the directory at all. This would be a pretty
drastic change for people accustomed to the current behavior, where you can
put any entry you like anywhere you like. Beginners have a hard enough time
just getting their first two entries into the directory; requiring the use of
ditStructureRules would seem to just make a bad situation worse.
Possibly we could make it a configurable option - enable them with a
per-database setting, defaulting to off to preserve the current behavior.
Fully aligning with X.500 practices would have to wait for a new generation
of server. E.g., we currently support the use of subdatabases using
subordinate/glue. These provide some of the notion of X.500 Administrative
Areas, except their definitions reside in the cn=config tree, not as
subentries of the main DIT. Providing full subentry-based administration
would be a major change in how the server is operated and how the DIT is
administered. Something for OpenLDAP 3.0.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/