[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Unique identifiers for LDAP attributes
Date sent: Thu, 13 Jul 2000 08:00:58 -0700
To: d.w.chadwick@salford.ac.uk
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: Unique identifiers for LDAP attributes
Copies to: ietf-ldapext@netscape.com
> At 03:02 PM 7/13/00 +0100, David Chadwick wrote:
> >However, we have the situation that some LDAP servers do not
> >require OIDs to be defined for attribute types,
>
> Which implies they cannot properly publish schema...
Correct
There is another interesting problem that you may be interested in
related to the non-use of OIDs. The matching rule used to select a
subschema definition is, wait for it....
objectIdentifierFirstComponentMatch
Thus the client needs to know the OID of the schema definition it
needs to selectively fetch it. But if LDAP never passes an OID to
the client, how does the client know which subschema definition it
needs? In order to solve this, it means we really need a
"nonUniqueStringSecondComponentMatch" matching rule to be
defined for LDAP.
> Which implies they must be read-only servers...
Why? Sorry, I dont follow this one. LDAP updates dont need to use
OIDs.
--snip--
>
> I would support stating that servers MUST use a non-ambiguous
> identifier. That is, they must either ensure that NAME of given
> schema elements are non-ambiguous (with a subschema subentry)
> or use OIDs.
>
Sort of agree, however making NAME only unambiguous within a
subschema subentry solves the problem for one administration, but
not for interworking between domains. Thus NAME needs to
globally unambiguous - which brings us full circle around to the
problem that the Internet 2 guys are trying to solve. To my mind,
OID is the only sensible way forward.
David
>
***************************************************
David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J
***************************************************