[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Models: Naming Contexts
At 10:17 AM 1/27/2003, Jim Sermersheim wrote:
>>From Models 05
>
>>5.1.2. 'namingContexts'
><snip>
>> If the server believes it masters or shadows the entire
>> directory, the attribute will have a single value, and that value
>will
>> be the empty string (indicating the null DN of the root).
>
>What if the server is a first level DSA which masters the root of the
>DIT, and also one or more other naming contexts?
Well, this sentence wouldn't apply in this case. So, taking the
specification literally, the namingContext attribute would have
one value for each naming contexts it masters or shadows, the
context prefix of the naming context. This would NOT include ""
as "" is not a valid context prefix.
>I believe this is a flaw and should be corrected to allow the
>namingContexts attribute to hold values in addition to the empty
>string. Please refer to X.501 Section 18.5
I have a couple of alternatives approaches which could be taken
1) replace first paragraph of 5.1.2 with:
The 'namingContexts' attribute lists the context prefixes of the
naming contexts the server masters or shadows (in part or in whole).
If the server is a first-level DSA [X.501], it should list (in
addition) an empty string (indicating the root of the DIT).
If the server does not master or shadow any information (e.g. it
is an LDAP gateway to a public X.500 directory) this attribute will
be absent. If the server believes it masters or shadows the
entire directory, the attribute will have a single value, and
that value will be the empty string (indicating the root of the
DIT). This attribute allows a client to choose suitable base
objects for searching when it has contacted a server.
and then noting in Changes the change to first-level DSA case.
2) replace first paragraph of 5.1.2 with:
The 'namingContexts' attribute lists the context prefixes of the
naming contexts the server masters or shadows (in part or in whole).
If the server does not master or shadow any information (e.g. it
is an LDAP gateway to a public X.500 directory) this attribute will
be absent. This attribute allows a client to choose suitable base
objects for searching when it has contacted a server.
and then noting that listing "" as a value of namingContexts has been
deprecated in Appendix A.
Comments?
Kurt