[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Continuation reference to root DN



After re-reading this thread, I can find no clarifications that need to be made in the protocol document. I do remember someone (Kurt?) at the last meeting commenting on one item that could be clarified--it escapes me at the moment though.

Jim

>>> "Jim Sermersheim" <jimse@novell.com> 11/22 6:18 AM >>>
I agree. An empty DN makes sense when pointing to a superior reference. And in this case I believe it's always appropriate for the client to replace the empty DN with it's original base DN. If that is so, we can leave things as they are.

Jim

>>> <d.w.chadwick@salford.ac.uk> 11/21/02 04:36PM >>>
Date sent:      	Wed, 20 Nov 2002 20:50:11 -0700
From:           	"Jim Sermersheim" <jimse@novell.com>
To:             	<Mark.Wahl@sun.com>
Copies to:      	<mcs@netscape.com>, <ietf-ldapbis@OpenLDAP.org>, <Kurt@OpenLDAP.org>,
  	<h.b.furuseth@usit.uio.no>
Subject:        	Re: Continuation reference to root DN
Priority:       	non-urgent

> Well, at least one directory implementation has a real entry at the root of the global tree. Thus an alias could point to that entry. I guess that breaks the X.500 data model though and so is the problem of that implementation (it sure is handy to have a place to hang tree-wide policy though).
> 
> So, for the issue I brought up, let me ask if it's OK with the WG that we restrict referrals from pointing to the empty dn.
> 

Jim

I agree that subordinate references should be restricted to not be able to point 
to empty DNs. How can the root of the DIT be subordinate to something else. 
Clearly it cant!.

But an empty DN should be allowed in general, as this will be useful to point to 
superior references, eg as in a server holding an OU to point to the country 
server or org server.

regards

David

> Jim
> 
> >>> Mark Wahl <Mark.Wahl@sun.com> 11/20/02 05:48PM >>>
> 
> 
> Jim Sermersheim wrote:
> > 
> > Good point. 4.1.10 is broken when an alias points to the empty DN. One could
> > easily loop on this problem.
> 
> The requirements for continuation references were derived from those of 
> X.500 which tended to point 'across' or 'down'.  It would seem to me that 
> a referral to the root DSE for an operation that is not a baseObject search 
> or Modify on the root DSE would be a 'new feature'.  I don't know an 
> application of this feature that would warrant such a change being required
> to improve interoperability.  Do you know of such application needs?  If 
> so, let's discuss how it uses such referrals to other servers' root DSEs 
> before we discuss making a change to LDAP.  If there aren't, then it might
> be easier to just forbid such references from being created.
> 
> Mark Wahl
> Sun Microsystems Inc.
> 
> 
> 
>