[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4161) Op. attrs. numSubordinates / numAllSubordinates

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4161) Op. attrs. numSubordinates / numAllSubordinates
From: hyc@symas.com
Date: Tue, 8 Nov 2005 14:00:27 GMT

Michael Ströder wrote:
>> I'm inclined to reject this request since it can reveal the presence of
>> entries that otherwise would not be disclosed (due to ACLs), and the
>> work required to conform to ACLs would make it fairly expensive to
>> maintain.
>>     
>
> How about just leaving this up to the access control rules defined by
> the administrator for these particular attributes? That's how other
> products handle this. Same like hasSubordinates.
>   
That's fair. The other issue which I recall was raised the last time 
this suggestion was made, (and the reason we decided to only implement 
the hasSubordinates attribute) is that there was neither a formal 
specification nor an ad hoc standard defining the semantics of the 
numSubordinates attribute. Some vendors treated it only as the one-level 
count, while others treated it as the subtree count. I haven't looked, 
but if you can show that the distinction between numSubordinates and 
numAllSubordinates is well-defined and well-supported, that would make 
the argument more convincing.

-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

Prev by Date: Re: (ITS#4144) Strange problem in client libs with SSL connect
Next by Date: Re: (ITS#4144) Strange problem in client libs with SSL connect
Index(es):
- Chronological
- Thread