
Re: Active Directory question



At 11:31 PM 4/17/2004, Schleiff, Marty wrote:
>I'd value the opinions of this list around the following questions:
>1) What do you think of this practice? Being a stranger on this list, I've withheld my editorial opinion of this practice; however, I'd like to hear your opinions.

It is inappropriate for a server to respond in a manner which
requires a client to handle and recognize unsolicited
extension information.  To the client, the searchResultEntry
PDU provided by the server is malformed (see RFC 2251,
Section 3.1).  Likely, most clients (which do not support
this extension) will simply treat the response as indicating
the 'member' attribute has no (visible) values and simply
treat the values as belonging to an unrecognized attribute
type (or, possibly, an unrecognized subtype of the member
attribute type).

Anyways, as I previously noted, extensions to LDAP are supposed
to be truly optional.  This extension is actually truly non-optional
(which is worse than being "not truly optional").

LDAPBIS should, in revising the LDAP technical specification, make
this more clear.

>2) Even if I can get my ldap client apps to learn to deal with the ";range=0-999", I don't know how to teach them to obtain subsequent ranges. Also, as pointed out in section "5.3 Element Ordering", another client operating on the same entry as my client can add or remove values between my client's operations to retrieve multiple ranges so that my client's "requests may result in overlapping, duplicated, or skipped elements".

I have no idea of how the extension authors expect consistency to
be maintained.  And I have no idea how the extension authors expect
clients to address obvious security considerations caused by such
inconsistencies.

>3) Does The Open Group...
>4) Does The Open Group...

These are questions for the Open Group to answer.

>5) Will common tools ... ?

That's a question for individual developers to answer.
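
An added example (not part of the original message, and not code from any LDAP vendor or library) of a client-side check for the situation discussed in this thread: it recognises a `;range=` option on returned attribute descriptions, merges successive ranges, and reports when the value list is incomplete or contains duplicates. The function names and sample entries are hypothetical and constructed; the `*` upper bound marking the final range follows Active Directory's range retrieval convention.

```python
import re

# Matches the option on descriptions such as "member;range=0-999"; "*" marks the last range.
RANGE_OPT = re.compile(r"^range=(\d+)-(\d+|\*)$", re.IGNORECASE)

def split_description(desc):
    """Return (base attribute type, (low, high) or None); high is None for '*'."""
    base, *options = desc.split(";")
    for opt in options:
        m = RANGE_OPT.match(opt.strip())
        if m:
            high = None if m.group(2) == "*" else int(m.group(2))
            return base.lower(), (int(m.group(1)), high)
    return base.lower(), None

def merge_ranged_values(pages, attr="member"):
    """Merge one attribute's values from successive responses (dicts of
    description -> values). Returns (values, complete, problems)."""
    values, seen, problems = [], set(), []
    expected_low, complete = 0, False
    for entry in pages:
        for desc, vals in entry.items():
            base, rng = split_description(desc)
            if base != attr.lower():
                continue
            if rng is None:
                if vals:  # ordinary, unranged attribute: nothing was withheld
                    values.extend(vals)
                    complete = True
                continue
            low, high = rng
            if low != expected_low:
                problems.append(f"range starts at {low}, expected {expected_low}")
            for v in vals:
                key = v.lower()  # simplification: real DN matching is more involved
                if key in seen:
                    problems.append(f"duplicate value across ranges: {v}")
                else:
                    seen.add(key)
                    values.append(v)
            complete = high is None
            expected_low = low + len(vals) if high is None else high + 1
    # Skipped values cannot be detected here; a clean merge is not proof of consistency.
    return values, complete, problems

# Constructed sample responses (not captured from a real server).
PAGE_1 = {"member": [], "member;range=0-2": ["cn=a,dc=example", "cn=b,dc=example", "cn=c,dc=example"]}
PAGE_2 = {"member;range=3-*": ["cn=c,dc=example", "cn=d,dc=example"]}
```

A caller making access decisions from group membership should treat `complete == False` or a non-empty `problems` list as "membership unknown" rather than as an empty or authoritative list.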