Re: Models: DIT Content Rules and AUX object classes

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

In chatting with Hallvard offline about which auxiliary classes
are allowed in an entry when there is no DIT content rule associated
with the structural object class of an entry, I find that
additional clarification is needed in this area.  Hence, I suggest
replacing Section 2.4.3 (Auxiliary Object Classes) with:

  Auxiliary object classes are used augment the characteristics of
  entries.  They are commonly used to augment the sets of attributes
  required and allowed attributes to be present in an entry.  They
  can be used to describe entries or classes of entries.

  Auxiliary object classes cannot subclass structural object classes.
     
  An entry can belong to any subset of the set of auxiliary object
  classes allowed by the DIT content rule associated with structural
  object class of the entry.  If no DIT content rule is associated 
  with the structural object class of the entry, the entry cannot
  belong to any auxiliary object class.

  The set of auxiliary object classes which an entry belongs to can 
  change over time.

This, I believe, is fully consistent with X.501(93) which all
LDAP servers MUST act in accordance with.

I note that I, in general, view discussions of what servers
which don't act in accordance with X.500 beyond the scope of
the document.  If a service doesn't implement DIT content rules,
it can take any approach which is consistent with the
models.  They could either disallow auxiliary classes, they
could could allow auxiliary classes (as if they had content
rules which allowed all auxiliary classes for all structural
object classes, or take some other approach.  (As I noted in
another thread, how do lightly act in accordance with X.500
might make a good Informational RFC.)

Kurt