[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Support of LDAP assertions in openLDAP backends

To: "Dieter Kluenter" <dieter@dkluenter.de>, <openldap-software@openldap.org>
Subject: RE: Support of LDAP assertions in openLDAP backends
From: "Antonio Alonso" <antonio.alonso@ericsson.com>
Date: Fri, 19 Oct 2007 20:51:53 +0200
Cc: Jesus Solana <jesus.solana@ericsson.com>, Angel Navas <angel.navas@ericsson.com>
Content-class: urn:content-classes:message
In-reply-to: <87tzonf3ik.fsf@magenta.l4b.de>
References: <69062C859C00FB489BCADE6833038EDC03745E9A@eesmdmw020.eemea.ericsson.se> <87tzonf3ik.fsf@magenta.l4b.de>
Thread-index: AcgSceek/9k7dqHaSQq5dgJDQgLN1AABpqXQ
Thread-topic: Support of LDAP assertions in openLDAP backends

 Hi Dieter !

   Thanks for the fast answer. Still some doubts :-(
   (I included them below your answer)

> [mailto:openldap-software-bounces+antonio.alonso=ericsson.com@
OpenLDAP.org] On Behalf Of Dieter Kluenter writes
> 
> Hi,
> 
> "Antonio Alonso" <antonio.alonso@ericsson.com> writes:
> 
> > Hi !
> >
> >    We are interested in deploying an openLDAP-based directory 
> > supporting the assertions control extension as defined in RFC 4528.
> >
> >    According to 
> http://www.openldap.org/faq/data/cache/645.html (list 
> > of LDAPv3 features/ extensions supported by the OpenLDAP server) 
> > openLDAP 2.3 already supports the assertion contol (we only need to 
> > use it in the LDAPModify operation) but I am not sure about the 
> > backends taking care of it (back-ndb and/or back-ldbm would 
> be ok for 
> > us). Could any of you provide us this info?
> >    I was checking the mail archives, but I did not find the 
> answer ....
> 
> As this is a DSA operation no backend is envolved, just 
> calling a modify operation according to RFC 4528 will be sufficient.

I am not sure to understand your answer. What do you mean with "DSA operation"?
(I understnd DSA in the X.500 scope and in the related LDAP scope, but I do
not see the relation with the "assertion control" defined in this RFC 

NOTE: As I understand RFC 4528 it is needed to check an assertion condition (based on
one or a set of attribute values stored in the involved entry) before performing
the required LDAP operation ... so I presume that backend must be involved in the
"assertion check" too as it is the one holding the attribute values associated to an
entry ... so the received assertion condition must be passed (from the front-end side)
to the backend being used together the LDAP data related to the requested operation (DN, attribute types involved, attribute values involved, etc.)

   Sorry if I am forgetting/misundertsanding something ....
> 
> -Dieter 
> 
> --
> Dieter Klünter | Systemberatung
> http://www.dkluenter.de
> GPG Key ID:8EF7B6C6
>

References:
- Support of LDAP assertions in openLDAP backends
  - From: "Antonio Alonso" <antonio.alonso@ericsson.com>
- Re: Support of LDAP assertions in openLDAP backends
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: extended characterset/binary/base64 support
Next by Date: "OpenLDAP 2.4 Highlights for 2.4" presentation
Index(es):
- Chronological
- Thread