Bruce Greenblatt wrote: > > It appears to me that there is the possibility that the search results will > come back in a different order depending on how the MVO and sort controls > are processed. Section 4 states: "This control acts independently of other > LDAP controls such as server side sorting". To me if the controls were > independent, I would get exactly the same data back in exactly the same > order. So, I don't think that MVO and the sort control are "independent". > Bruce, OK, now I understand your problem. "acts independently" is the wrong phrase to use. Note that section 4 does state However, there might be interactions between this control and other controls so that a different set of Search Result Entries are returned, or the entries are returned in a different order, depending upon the sequencing of this control and other controls in the LDAP request. Therefore how about this for a rewording Whilst this control is applied independently of other controls, there might be interactions between etc. > Note that RFC 2891 requires the following processing method for > multi-valued attributes: when an entry happens to have multiple values for > that attribute and no other controls are present that affect the sorting > order, then the server SHOULD use the least value (according to the > ORDERING rule for that attribute). > > So, I would require the MVO to be processed BEFORE the sort > control. Otherwise, the sorted entries may turn out to be no longer sorted. Clause 4 does state For these reasons it is recommended that the ValuesReturnFilter control in a SearchRequest SHOULD precede other controls that affect the number and ordering of SearchResultEntrys. However what you are suggesting is that the server processing of controls acts independently of the ordering of the controls in the request. One could argue that this is not right, that the user decides the ordering of the controls when he/she places them in the request and the server must obey this ordering. This is the principle adopted in the MVO ID. I dont feel strongly either way about which principle is adopted (but would tend towards user control if I were forced to choose), but this is not an MVO issue. It is an LDAP controls issue that needs to be decided at a much higher level than in an individual ID, as it will affect ALL control extensions to LDAP. Therefore is this an issue that LDAPBIS should decide (or have they already decided it??) David -- ***************************************************************** David Chadwick, BSc PhD Post: IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 790 167 0359 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J *****************************************************************
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature