[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: NT Domain backend

To: Mark Valence <kurash@sassafras.com>
Subject: RE: NT Domain backend
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Fri, 19 Nov 1999 11:27:16 -0800
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <v04210103b45b49f5d5ce@[192.168.0.8]>
References: <v04210101b45943a36bf4@[192.168.0.8]> <Pine.GSO.4.10.9911181237390.20534-100000@avarice.nepean.uws.edu.au> <v04210101b45943a36bf4@[192.168.0.8]>

At 02:11 PM 11/19/99 -0500, Mark Valence wrote:
>For example, some oc's (e.g., organizationalPerson and groupOfNames) 
>that are STRUCTURAL in core.schema are ABSTRACT in MS's defs.

This is an error on Microsoft's part.

>Also,  there's extra stuff in the MS defs (see the definition of 'top' 
>below).

This is an error on Microsoft's part.

>My questions for today are:  Which definitions of the 
>2.5.6.* oc's and at's are correct,

The majority of these schema items are defined by standard
track RFC.  The definition in the RFC is correct.
We use RFC definitions when ever possible.  I believe you'll
find core.schema to be quite consistent with the RFCs.

>or are they both correct,

No. There is only one correct definition associated with an OID.

>since their definition is left to the server that provides them?

No.  Implementations are not allowed to redefine schema items.
Implementations can define NEW schema items using OIDs under
their control.

>Should AD have defined a new abstract class like 'mstop' with SUP top,
>and left the standard definition as in schema.core?

They should have left top alone and used auxiliary object classes
or operational attributes types to mix in whatever attributes types
they needed.

I should also note that Microsoft is not the only vendor to have
shipped products that inappropriately redefine standard schema.
Microsoft just happens to be less subtle as demonstrated by their
'top' hack:

>objectclass ( 2.5.6.0
>     NAME 'top'
>     ABSTRACT
>     MUST (objectClass $ instanceType $ nTSecurityDescriptor $
>         objectCategory )
>     MAY (cn $ description $ distinguishedName $ whenCreated $
>         whenChanged $ subRefs $ displayName $ uSNCreated $ isDeleted $
>         dSASignature $ objectVersion $ repsTo $ repsFrom $ memberOf $
>         uSNChanged $ uSNLastObjRem $ showInAdvancedViewOnly $
>         adminDisplayName $ proxyAddresses $ adminDescription $
>         extensionName $ uSNDSALastObjRemoved $ displayNamePrintable $
>         directReports $ wWWHomePage $ USNIntersite $ name $ objectGUID $
>         replPropertyMetaData $ replUpToDateVector $ flags $ revision $
>         wbemPath $ fSMORoleOwner $ systemFlags $ siteObjectBL $
>         serverReferenceBL $ nonSecurityMemberBL $ queryPolicyBL $
>         wellKnownObjects $ isPrivilegeHolder $ partialAttributeSet $
>         managedObjects $ partialAttributeDeletionList $ url $
>         lastKnownParent $ bridgeheadServerListBL $ netbootSCPBL $
>         isCriticalSystemObject $ frsComputerReferenceBL $
>         fRSMemberReferenceBL $ uSNSource $ fromEntry $
>         allowedChildClasses $ allowedChildClassesEffective $
>         allowedAttributes $ allowedAttributesEffective $
>         possibleInferiors $ canonicalName $ proxiedObjectName $
>         sDRightsEffective $ dSCorePropagationData $
>         otherWellKnownObjects $ mS-DS-ConsistencyGuid $
>         mS-DS-ConsistencyChildCount $ masteredBy $ createTimeStamp $
>         modifyTimeStamp $ subSchemaSubEntry ) )
>
>
>

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

References:
- RE: NT Domain backend
  - From: Mark Valence <kurash@sassafras.com>
- RE: NT Domain backend
  - From: David J N Begley <david@avarice.nepean.uws.edu.au>
- RE: NT Domain backend
  - From: Mark Valence <kurash@sassafras.com>

Prev by Date: RE: NT Domain backend
Next by Date: problems with big groupOfNames entries
Index(es):
- Chronological
- Thread