Re: LDAP and X.500 like attribute flattening or attribute inheritance

[Chris Ridd <C.Ridd@isode.com>]

On 19 Oct 1998 18:05:59 PDT, Stuart Schmukler wrote:
>  Is there a standard way to get X.500 flattening of attributes in LDAP servers?   By flattening, I mean
> attributes stored at nodes higher in the tree appearing when a lower level node is retreived (assuming
> that the lower mode hasn't defined the attribute.)

Those are called collective attributes in X.500 (1993), and they are 
basically additional attribute types with different OIDs from their 
normal non-collective counterparts (collectiveTelephoneNumber has a 
different OID from telephoneNumber, etc).

You can't 'override' a collective attribute in a subordinate entry in 
X.500, but you can explicitly exclude particular collective attributes 
from being returned with an entry using the collectiveExclusions 
operational attribute. You can also prevent them from being included 
using X.500 Content Rules.

There is no standard place in LDAP to store instances of collective 
attributes, although the attribute specification format in RFC 2252 
allows you to define that an LDAP attribute is collective.

In X.500 they are stored in subentries below collective attribute 
administrative points. NB a subentry is *not* the same as a subordinate 
entry; it is a special kind of entry that is not normally seen by users 
unless they explicitly ask for subentries to be returned to them.

> I have some hierarchical attributes that may 'live' in any of a number of places in the 
> organizational tree.  When I find a DN I want them to appear to be in the DN's attribute set. 

Hierarchical attributes are something else -- some attribute types are 
subtypes of others, and it is possible to perform a search which uses 
this type hierarchy. eg cn and sn are subtypes of name, so you can 
search for 'name' attribute types which match a certain value.

> 
> SaS 

Cheers,

Chris