[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP support for DIT Structure Rules

Michael Ströder wrote:
Howard Chu wrote:
Andrew Findlay wrote:
On Tue, Jun 02, 2009 at 11:39:04AM -0400, James Lentini wrote:
Standard - yes. Well supported - no. DIT Structure Rules along with
DIT Content Rules are the "standard" way to do this, but hardly anyone
implements them.
[..] we'll probably add them in OpenLDAP 2.5.
It's a bit late to add to 2.4. Up till now, hardly anyone ever needed them.

Well, I've requested them. ;-)
Serious: If a mechanism is there people will start using it. Many people
are not aware that these even exist in the LDAPv3 standard. They use
what's implemented.

In my case one of my customers will use web2ldap for some rare use-cases
conducted by admins adding administrative entries to an OpenLDAP DSA.
web2ldap already obeys DIT structure/content rules and name forms and
I'm even thinking about letting people specify supplemental LDAPv3
schema information within web2ldap's configuration (for host or
name-space) to guide the admin to do the right thing in the UI.

Also with DIT structure/content rules and name forms you can specify
directory layout and profiled use of object classes in a more formal way
in an operational concept.

No need to convince me; I've wanted to finish aligning our code with X.500 for years. But this is one of many features that I've wanted that nobody else ever expressed any interest in. Yet another concept the LDAP designers tossed out without sufficient thought, making client writers' lives even harder...

As 2.4 goes into maintenance-only phase we can start playing with this in HEAD, anyway.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/