[Date Prev][Date Next]
Re: (ITS#5872) slapo-cloak
On Dec 27, 2008, at 2:46 AM, firstname.lastname@example.org wrote:
> empty or "*" ; all user, except attrs that need to be explicitly req.
> "+" ; all operational
> <all including attrs that need to be explicitly requested>
I note that the specification of '+' does allow a server not to
provide all operational attributes. That is, a server is allowed to
only return some operational attributes when requested by name.
This is not so with '*' (or empty list). However, that said, I see no
particular issue with a server choosing to return a particular user
applications attribute only when requested by name. I see this simply
as an administrative restriction... and those are always allowed.
(I also note that use of '*' (or empty list) and '+' should generally
be limited to requests formed by a human. It is bad (but all to
common) practice for application-specific directory clients to ask for
everything. They should really only ask for what they are prepared to
make use of.