[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] when is manageDsaIT needed for the root DSE?



For the record, I'm not writing any document that describes the behavior
of aliases or the allowed values of aliasedObjectName. I was just using
the example as another lever to help me understand whether (and to what
extent) LDAP has 'special cased' reads and modifies of the root DSE. I'm
trying to understand that is so I'll know how to best describe the way
in which an LDAP server discovers whether an asserted DN represents an
entry that can be normally accessed (without the use of manageDSAIT).

I think I have it now, and I think it's straight-forward except there
will have to be an exception for the read and modify of the root DSE to
be compatible with RFC 2251.

Thanks again,

Jim

>>> Steven Legg <steven.legg@eb2bcom.com> 9/23/04 8:10:25 PM >>>

Jim,

Jim Sermersheim wrote:
> I agree conceptually. But when describing the steps for determining
> suitability of the pointed-to object in technical terms, you'd kind
of
> have to say "aliasedObjectName can point to a glue DSE, but not the
root
> DSE."

Couldn't you just say that the value of aliasedObjectName cannot be
the
empty RDN sequence ?

You might be better off not saying that the aliasedObjectName *points*
to
anything, but rather that it provides a new name with which to
recommence
name resolution. The name is a reference to an entry or alias that may
or
may not exist (anywhere), and may or may not be locally represented by
either an entry DSE, an alias DSE or a glue DSE. One finds out by
doing
name resolution.

Regards,
Steven

> 
> 
>>>>"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 9/23/04 6:21:46 PM >>>
> 
> At 05:11 PM 9/23/2004, Jim Sermersheim wrote:
> 
>>Thinking more about the alias thing; an alias should be allowed to
> 
> point
> 
>>to a glue DSE. 
> 
> 
> I'd argue that such an alias is not pointing at the glue,
> but the object/alias entry that the glue entry is providing
> glue for.
> 
> 
> _______________________________________________
> Ldapext mailing list
> Ldapext@ietf.org 
> https://www1.ietf.org/mailman/listinfo/ldapext 
> 

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext