[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
new control for filtering dn attribute values based upon their object class
I've defined a new control which is the result of helping several customers
with their ldap enabled applications. They often end up with entries that
have attributes that have long lists of distinguished names as their
values. Groups and mailing lists are object classes that unfortunately
often end up this way. Independent of my views on whether it is a good
idea to have a zillion values in a single attribute, customers' DITs have
them, and they are reluctant to change the DIT. There are many problems
that result from this scenario. This draft defines a control that solves
one of them. The problem in question arises when the dns in the attribute
values refer to entries of several different object classes.
http://search.ietf.org/internet-drafts/draft-greenblatt-dn-type-00.txt
One good example of how this control would be used is for the retrieval of
only those dn values which refer to an entry that has a certificate (i.e.
has the strongAuthenticationUser object class). Additionally, this control
also allows the client to request that the ldap server "tag" each returned
dn attribute value with the object class(es) of the entry to which it
refers. Comments welcome.
Bruce
==============================================
Bruce Greenblatt, Ph. D.
Directory Tools and Application Services, Inc.
http://www.directory-applications.com