[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: subschemaSubentry within the root DSE
Note that I am not tracking this issue in the protocol document as this aplies to the data model.
Jim
>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 03/12/01 10:54AM >>>
As discussed previously (LDAPext, LDAPbis lists), RFC 2251
Section 3.4 use of subschemaSubentry is significantly flawed.
The following attributes of the root DSE are defined in section 5 of
[5]. Additional attributes may be defined in other documents.
...
- subschemaSubentry: subschema entries (or subentries) known by this
server.
The subschemaSubentry attribute, like all other subschemaSubentry,
should provide the name of the entry (or subentry) containing
the subschema controlling the entry. That is, the
subschemaSubentry attribute contained in the root DSE should
refer to the particular subschema subentry containing the
subschema controlling the root DSE itself.
I note that 3.4 use calls for the subschemaSubentry to be used
in a manner which is clearly inconsistent with the primary use
of subschemaSubentry [and its description (as single-valued and
directoryOperation)].
Hence, I suggest the following changes be made to RFC 2251:
The 3.4 text:
- subschemaSubentry: subschema entries (or subentries) known by this
server.
be replaced with:
- subchemaSubentry: the name of the subschema entry containing the
schema controlling the root DSE.
The 3.4 text:
If the server does not master entries and does not know the locations
of schema information, the subschemaSubentry attribute is not present
in the root DSE. If the server masters directory entries under one
or more schema rules, there may be any number of values of the
subschemaSubentry attribute in the root DSE.
be deleted.
Section 6.2 text:
The client can retrieve the subschema entries referenced by
the subschemaSubentry attribute in the server's root DSE or
in entries held by the server.
be replaced with:
The client can obtain the name of the subschema entry (or
subentry) controlling a particular entry by retrieve that
entry's subschemaSubentry attribute.
These changes make the use of subschemaSubentry attribute consistent
throughout the LDAP technical specification and with X.500.
The addition of a note that LDAP does not address the subschema
chicken and egg problem (discovery of schema controlling a yet
to be added entry at the root of a subschema administrative
area) might be also be appropriate.
Kurt