IETF Logo Mail Archive

Re: [ldapext] [Fwd: New Version Notification for draft-pluta-ldap-srv-side-current-time-match-00]

Daniel Pluta <pluta@tum.de> Wed, 21 April 2010 09:54 UTC

Return-Path: <pluta@tum.de>
X-Original-To: ldapext@core3.amsl.com
Delivered-To: ldapext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 785A83A6B22 for <ldapext@core3.amsl.com>; Wed, 21 Apr 2010 02:54:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.154
X-Spam-Level:
X-Spam-Status: No, score=0.154 tagged_above=-999 required=5 tests=[AWL=-0.197, BAYES_50=0.001, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LZS-73phBfQI for <ldapext@core3.amsl.com>; Wed, 21 Apr 2010 02:54:42 -0700 (PDT)
Received: from rs2.shuttle.de (rs2.shuttle.de [194.95.249.4]) by core3.amsl.com (Postfix) with ESMTP id BAF2D3A6B42 for <ldapext@ietf.org>; Wed, 21 Apr 2010 02:54:36 -0700 (PDT)
Received: by rs2.shuttle.de (Postfix, from userid 10) id EA95C580AF; Wed, 21 Apr 2010 11:54:26 +0200 (CEST)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by riviera.mos.sf.home (8.14.0/8.14.0) with ESMTP id o3L9qgH1018854 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 21 Apr 2010 11:52:43 +0200
Message-ID: <4BCECAEC.6030707@tum.de>
Date: Wed, 21 Apr 2010 11:52:44 +0200
From: Daniel Pluta <pluta@tum.de>
Organization: Technische Universität München
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Steven Legg <steven.legg@eb2bcom.com>
References: <4BAFB1A7.30609@tum.de> <4BC7ED51.7030806@eb2bcom.com> <4BCC4AF1.4090301@tum.de> <4BCD154B.2080102@eb2bcom.com> <4BCDAF60.3060502@tum.de> <4BCE64C4.9070208@eb2bcom.com>
In-Reply-To: <4BCE64C4.9070208@eb2bcom.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: ldapext@ietf.org
Subject: Re: [ldapext] [Fwd: New Version Notification for draft-pluta-ldap-srv-side-current-time-match-00]
X-BeenThere: ldapext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: LDAP Extension Working Group <ldapext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ldapext>, <mailto:ldapext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ldapext>
List-Post: <mailto:ldapext@ietf.org>
List-Help: <mailto:ldapext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ldapext>, <mailto:ldapext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Apr 2010 09:54:43 -0000

Hi Steven,

Steven Legg wrote:
> Daniel Pluta wrote:
>> Please forget the additional syntaxes for now. In the meantime I've
>> learned that there is no possibility to support binary searching by
>> using an attribute of generalizedTime syntax within extensibleMatch
>> filters because ordering rules cannot be handled in extensibleMatching
>> rules because the specification does not say anything about ":<=" or 
>> ":>=".
>
> I'm afraid you're under a misapprehension. Although the string 
> representation
> of an extensible match contains a equals sign, it is just meaningless 
> syntactic
> fluff. The extensible match applies a matching rule, which is a boolean
> predicate that may or may not represent a relational operator like "=".
> So that the extensible match had the same expressive power as the other
> filter items, the X.500 working group defined matching rules for each of
> the syntaxes that has an obvious equality or ordering relationship 
> between
> values. For each syntax with an ordering relationship they defined two
> predicates; an equality or "=" matching rule (e.g., generalizedTimeMatch)
> and an ordering or "<" matching rule (e.g., 
> generalizedTimeOrderingMatch).
> This is sufficient to construct the other relational operators through an
> expression of extensible match filter items. That is,
>
>     "type=value" is (type:generalizedTimeMatch:=value)
>     "type<value" is (type:generalizedTimeOrdering:=value)
>     "type<=value" is 
> (|(type:generalizedTimeMatch:=value)(type:generalizedTimeOrdering:=value)) 
>
>     "type>value" is 
> (!(|(type:generalizedTimeMatch:=value)(type:generalizedTimeOrdering:=value))) 
>
>     "type>=value" is (!(type:generalizedTimeOrdering:=value))
>
> There is nothing magic about the choice of "=" and "<". The X.500 working
> group could have chosen any other pair of the relational operators, or 
> more
> than two, but this is the convention that has been followed since. 
> Therein
> also lies the reason why I suggested that currentTimeMatch and
> currentTimeOrderingMatch were sufficient. It's not wrong to define more
> rules as you have done, just unconventional and excess to requirements.
>
> So it is possible to perform binary search on a syntax using 
> extensible match
> given an ordering matching rule for that syntax, and it is meaningless 
> to talk
> about ":<=" or ":>=" with respect to the extensible match filter item.

This is just a short intermediate answer details regarding the other 
(main) points will follow later.

Many thanks for your explanation and the clarification that ordering 
matching rules in general are or should be supported, too.

We think we've been misled by a quick look into openldap's source where 
ordering matching rules (e.g. caseIgnoreOrderingMatch, 
generalizedTimeOrderingMatch) don't seem to be supported in combination 
with extensible match filter expressions:

              Processing a filter like: 
(createTimestamp:generalizedTimeOrderingMatch:=2010...Z)
              results in "filter: (?=undefined)"

Sorry for the confusion and thanks again for the clarification.

v2.23.0 | Report a Bug | By Email