[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Fwd: controlling visability of subentries
Hi Ed,
I personally think that solution 2 is the best one, specially for
the future.
If you take solution 1 it will also work, but at least you will create
a control for every additional service control you will support.
I think to work with a control is a clean solution but the number
of controls increase rapitly and different servers have a lot of
different controls they support.
I think there is the requirement that the protocol has to be compatible
and only some administrative clients will use this feature and a simple
LDAP Client should not been broken.
We handle subentries over LDAP for all update operations like normal entries
and for the search in a special way, so if the filter contains
ObjectClass=SUBENTRY
the search operation is only for subentries and all other search operations
exclude subentries. Is this a problem ?
> -----Original Message-----
> From: Ed Reed [mailto:eer@OnCallDBA.COM]
> Sent: Thursday, October 19, 2000 5:25 AM
> To: Kurt@OpenLDAP.org
> Cc: ietf-ldup@imc.org; ietf-ldapext@netscape.com
> Subject: Re: Fwd: controlling visability of subentries
>
>
> Okay, Kurt - I've reviewed what X.511 specifies for the
> service control
> used to control subentry visibility. What is your opinion on
> what we should
> do in LDAP?
>
> 1) create a control which has no parameters, but has the
> effect that when
> it is present, it is interpreted identically to an X.511
> service control with the
> subentries bit set TRUE; or
>
> 2) create a control which has a parameter identical to the
> service control
> specified by X.511. This would have the effect of providing
> a lot of the
> additional controls needed to add distributed operations to
> LDAP (including
> preferChaining, chainingProhibited, etc.), but would also
> provide things
> like timeLimit, sizeLimit, scopeOfReferral, and
> attributeSizeLimit, etc.
> In X.511, the serviceControls are among the CommonArguments included
> with each request.
>
> I suppose we could consider the list of controls in LDAP providing the
> equivalent to the set of CommonArguments.
>
> What's your take? 1 would be easier to document. 2 would lay
> important groundwork that should be considered in the context
> of future
> work to add distributed operations to LDAP.
>
> Ed
>
> =================
> Ed Reed
> Reed-Matthews, Inc.
> +1 801 796 7065
> http://www.Reed-Matthews.COM
>
> >>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 08/01/00 07:41AM >>>
> Forwarded to LDUP list
> >Date: Mon, 31 Jul 2000 16:23:57 -0400
> >To: ietf-ldapext@OpenLDAP.org
> >From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
> >Subject: controlling visability of subentries
> >
> >One other issue I would like to raise in regards to LDAP subentry
> >is the mechanism proposed to control their visibility. I believe
> >the approach of overloading the search filter to control visibility
> >is not the best approach. As we've found previously, the semantics
> >of such overloads are difficult to define (and hence implement) when
> >the filter is complex (which we must assume it will be).
> >
> >I believe that LDAPsubentry visibility should be control by
> a mechanism
> >more closely modeled after the X.500 subentry visibility mechanism.
> >In particular, I suggest use of a control. The use of a control
> >will allow a clear and concise specification of visibility semantics
> >which facilitates implementation and use.
> >
> >Comments?
> >
> > Kurt
>
>