[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Fwd: controlling visability of subentries
At 10:21 AM 10/19/00 -0700, sanjay jain wrote:
>"Volpers, Helmut" wrote:
>
>> I think Kurt is right. It's the simplest solution.
>> Does this mean that an LDAPServer should never gives a subentry in the
>> search result if this control is not set ?
>
>I guess, going with the new scheme would require change in the
>following text from RFC 2251:
>
>" Clients MUST only retrieve attributes from a subschema entry by
> requesting a base object search of the entry, where the search filter
> is "(objectClass=subschema)". (This will allow LDAPv3 servers which
> gateway to X.500(93) to detect that subentry information is being
> requested.) "
>
>Any backward compatibility issues (existing clients
>using RFC 2251 scheme to read subschema subentries) ?
Yes. And they will have to be addressed in due course.
I suggest the LDAP subentry I-D itself not directly address issues
surrounding the LDAP subschema "entry (or subentry)" as described in
RFC 2251. This is better left to LDAPbis efforts.
Some of the issues are:
RFC 2251 says "subschema entry (or subentry)"
RFC 2251 is referring to X.500's subentry
LDAP subentry != X.500 subentry
Support for subentries (of any flavor) is optional in LDAP
(as currently defined).
RFC 2251 ONLY allows "(objectClass=subschema)" and
clients often want to apply more complex filters
(such as an objectClasses or attributeTypes assertion)
I suggest discussing regarding the updating of RFC 2251 and
other core documents be moved to the LDAPbis mailing list
<ietf-ldapbis@openldap.org>.
Kurt