[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP subentry alignment with X.500 subentry

To: ietf-ldapext@netscape.com
Subject: LDAP subentry alignment with X.500 subentry
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 03 Jul 2000 09:25:32 -0700
Cc: Ed_Reed@Novell.com, ietf-ldup@imc.org

I believe 'LDAPsubentry' should be replaced with with 'subentry' and
defined such that it closely modelled after X.500.

1) subentries should have a subtree specifier such that they are more
useful for specification of ACI subentries.

2) subentries should be visible based upon presence of a subentries control,
not a filter components.  For example:
  (|(&(objectclass=LDAPsubentry)(!(cn=*))(objectclass=*))

Should the subentry be visible or not?   There are reasonable arguments
for both yes and no.

I primarily make these suggestions because I believe these changes would
make subentries within LDAP more usable, in particular, when used in
support of the access control model.

Kurt

Follow-Ups:
- Re: LDAP subentry alignment with X.500 subentry
  - From: mcs@netscape.com (Mark C Smith)

Prev by Date: RE: OID of caseExactIA5SubstringsMatch
Next by Date: RE: OID of caseExactIA5SubstringsMatch
Index(es):
- Chronological
- Thread