[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Fwd: controlling visability of subentries
The problem I see with solution 2 (create a control that mimics the X511
ServiceControls) is that there would be no way for an LDAP client to
discover the subset of ServiceControls that is supported on a given LDAP
server. Surely we are not going to require support for everything in
ServiceControls just to solve the subentry problem. Therefore, I prefer
solution 1.
And so everyone knows what we are talking about, from X.511:
A ServiceControls parameter contains the controls,
if any, that are to direct or constrain the provision
of the service.
ServiceControls ::= SET {
options [0] BIT STRING {
preferChaining (0),
chainingProhibited (1),
localScope (2),
dontUseCopy (3),
dontDereferenceAliases (4),
subentries (5),
copyShallDo (6), } DEFAULT {},
partialNameResolution (7),
manageDSAIT (8) } } DEFAULT {},
priority [1] INTEGER
{ low (0), medium (1), high (2) } DEFAULT medium,
timeLimit [2] INTEGER OPTIONAL,
sizeLimit [3] INTEGER OPTIONAL,
scopeOfReferral [4] INTEGER { dmd(0), country(1) } OPTIONAL,
attributeSizeLimit [5] INTEGER OPTIONAL
manageDSAITPlaneRef [6] SEQUENCE {
dsaName Name,
agreementID AgreementID } OPTIONAL }
--
Mark Smith
Netscape Communications Corp.
"Volpers, Helmut" wrote:
>
> Hi Ed,
>
> I personally think that solution 2 is the best one, specially for
> the future.
> If you take solution 1 it will also work, but at least you will create
> a control for every additional service control you will support.
> I think to work with a control is a clean solution but the number
> of controls increase rapitly and different servers have a lot of
> different controls they support.
> I think there is the requirement that the protocol has to be compatible
> and only some administrative clients will use this feature and a simple
> LDAP Client should not been broken.
> We handle subentries over LDAP for all update operations like normal entries
> and for the search in a special way, so if the filter contains
> ObjectClass=SUBENTRY
> the search operation is only for subentries and all other search operations
> exclude subentries. Is this a problem ?
>
> > -----Original Message-----
> > From: Ed Reed [mailto:eer@OnCallDBA.COM]
> > Sent: Thursday, October 19, 2000 5:25 AM
> > To: Kurt@OpenLDAP.org
> > Cc: ietf-ldup@imc.org; ietf-ldapext@netscape.com
> > Subject: Re: Fwd: controlling visability of subentries
> >
> >
> > Okay, Kurt - I've reviewed what X.511 specifies for the
> > service control
> > used to control subentry visibility. What is your opinion on
> > what we should
> > do in LDAP?
> >
> > 1) create a control which has no parameters, but has the
> > effect that when
> > it is present, it is interpreted identically to an X.511
> > service control with the
> > subentries bit set TRUE; or
> >
> > 2) create a control which has a parameter identical to the
> > service control
> > specified by X.511. This would have the effect of providing
> > a lot of the
> > additional controls needed to add distributed operations to
> > LDAP (including
> > preferChaining, chainingProhibited, etc.), but would also
> > provide things
> > like timeLimit, sizeLimit, scopeOfReferral, and
> > attributeSizeLimit, etc.
> > In X.511, the serviceControls are among the CommonArguments included
> > with each request.
> >
> > I suppose we could consider the list of controls in LDAP providing the
> > equivalent to the set of CommonArguments.
> >
> > What's your take? 1 would be easier to document. 2 would lay
> > important groundwork that should be considered in the context
> > of future
> > work to add distributed operations to LDAP.
> >
> > Ed
> >
> > =================
> > Ed Reed
> > Reed-Matthews, Inc.
> > +1 801 796 7065
> > http://www.Reed-Matthews.COM
> >
> > >>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 08/01/00 07:41AM >>>
> > Forwarded to LDUP list
> > >Date: Mon, 31 Jul 2000 16:23:57 -0400
> > >To: ietf-ldapext@OpenLDAP.org
> > >From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
> > >Subject: controlling visability of subentries
> > >
> > >One other issue I would like to raise in regards to LDAP subentry
> > >is the mechanism proposed to control their visibility. I believe
> > >the approach of overloading the search filter to control visibility
> > >is not the best approach. As we've found previously, the semantics
> > >of such overloads are difficult to define (and hence implement) when
> > >the filter is complex (which we must assume it will be).
> > >
> > >I believe that LDAPsubentry visibility should be control by
> > a mechanism
> > >more closely modeled after the X.500 subentry visibility mechanism.
> > >In particular, I suggest use of a control. The use of a control
> > >will allow a clear and concise specification of visibility semantics
> > >which facilitates implementation and use.
> > >
> > >Comments?
> > >
> > > Kurt
> >
> >