[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Fwd: controlling visability of subentries
"Volpers, Helmut" wrote:
> I think Kurt is right. It's the simplest solution.
> Does this mean that an LDAPServer should never gives a subentry in the
> search result if this control is not set ?
I guess, going with the new scheme would require change in the
following text from RFC 2251:
" Clients MUST only retrieve attributes from a subschema entry by
requesting a base object search of the entry, where the search filter
is "(objectClass=subschema)". (This will allow LDAPv3 servers which
gateway to X.500(93) to detect that subentry information is being
requested.) "
Any backward compatibility issues (existing clients
using RFC 2251 scheme to read subschema subentries) ?
>
>
> Helmut
>
> > -----Original Message-----
> > From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
> > Sent: Thursday, October 19, 2000 4:18 PM
> > To: Ed Reed
> > Cc: ietf-ldup@imc.org; ietf-ldapext@netscape.com
> > Subject: Re: Fwd: controlling visability of subentries
> >
> >
> > I prefer option 1 as it is simple, adequately resolves this issue,
> > and is consistent with other such extensions (e.g. manageDsaIT
> > control). As LDAP subentry TS is an elective extension to the
> > LDAP protocol, I believe this to be best. I would prefer
> > to keep "future work" off this particular table so that we might
> > reach closure on the LDAP subentry TS soon.
> >
> > Kurt
> >
> > At 09:24 PM 10/18/00 -0600, Ed Reed wrote:
> > >Okay, Kurt - I've reviewed what X.511 specifies for the
> > service control
> > >used to control subentry visibility. What is your opinion
> > on what we should
> > >do in LDAP?
> > >
> > >1) create a control which has no parameters, but has the
> > effect that when
> > >it is present, it is interpreted identically to an X.511
> > service control with the
> > >subentries bit set TRUE; or
> > >
> > >2) create a control which has a parameter identical to the
> > service control
> > >specified by X.511. This would have the effect of providing
> > a lot of the
> > >additional controls needed to add distributed operations to
> > LDAP (including
> > >preferChaining, chainingProhibited, etc.), but would also
> > provide things
> > >like timeLimit, sizeLimit, scopeOfReferral, and
> > attributeSizeLimit, etc.
> > >In X.511, the serviceControls are among the CommonArguments included
> > >with each request.
> > >
> > >I suppose we could consider the list of controls in LDAP
> > providing the
> > >equivalent to the set of CommonArguments.
> > >
> > >What's your take? 1 would be easier to document. 2 would lay
> > >important groundwork that should be considered in the
> > context of future
> > >work to add distributed operations to LDAP.
> >
> >