Re: (ITS#5872) slapo-cloak

On Dec 27, 2008, at 2:46 AM, ando@sys-net.it wrote:

> empty or "*" ; all user, except attrs that need to be explicitly req.
> "+" ; all operational
> <all including attrs that need to be explicitly requested>
> <...>

I note that the specification of '+' does allow a server not to  
provide all operational attributes.  That is, a server is allowed to  
only return some operational attributes when requested by name.

This is not so with '*' (or empty list).  However, that said, I see no  
particular issue with a server choosing to return a particular user  
applications attribute only when requested by name.  I see this simply  
as an administrative restriction... and those are always allowed.

(I also note that use of '*' (or empty list) and '+' should generally
be limited to requests formed by a human.  It is bad (but all too
common) practice for application-specific directory clients to ask for
everything.  They should really only ask for what they are prepared to
make use of.)

-- Kurt
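
The attribute selection discussed in this message, modelled as an added example (not code from the thread or from OpenLDAP). The sample entry, its attribute names, and the `BY_NAME_ONLY` policy set are constructed for illustration.

```python
# Constructed sample entry, split into user and operational attributes.
USER_ATTRS = {
    "cn": ["Alice Example"],
    "mail": ["alice@example.org"],
    "jpegPhoto": ["<binary>"],
}
OPERATIONAL_ATTRS = {
    "entryUUID": ["00000000-0000-0000-0000-000000000001"],
    "createTimestamp": ["20081227000000Z"],
    "entryCSN": ["<csn>"],
}

# Hypothetical administrative restriction: these attributes are returned
# only when the client requests them by name, never via '*' or '+'.
BY_NAME_ONLY = {"jpegphoto", "entrycsn"}


def select_attributes(requested):
    """Return the attributes a server applying the policy above would send.

    requested is the attribute list from the search request:
      []  or '*'  -> all user attributes (minus by-name-only ones)
      '+'         -> all operational attributes (minus by-name-only ones)
      a name      -> that attribute, whether or not it is restricted
    """
    names = [r.lower() for r in requested]
    want_user = not names or "*" in names
    want_oper = "+" in names
    explicit = {n for n in names if n not in ("*", "+")}

    result = {}
    for pool, wanted in ((USER_ATTRS, want_user), (OPERATIONAL_ATTRS, want_oper)):
        for attr, values in pool.items():
            key = attr.lower()  # attribute descriptions are case-insensitive
            if key in explicit or (wanted and key not in BY_NAME_ONLY):
                result[attr] = values
    return result


if __name__ == "__main__":
    for req in ([], ["*"], ["+"], ["*", "+"], ["*", "jpegPhoto"], ["mail"]):
        print(req, "->", sorted(select_attributes(req)))
```

The last request, `["mail"]`, is the pattern recommended for application clients: it receives only the attribute it is prepared to use.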