Re: LDAP Comments

Alan Shepherd <a.shepherd@nexor.co.uk> Wed, 05 May 1993 15:31 UTC

From: Alan Shepherd <a.shepherd@nexor.co.uk>
Message-ID: <27009.736614542@nexor.co.uk>
To: Tim Howes <tim@terminator.rs.itd.umich.edu>
Cc: pays@faugeres.inria.fr, rosenqui@crc.sofkin.ca, osi-ds@cs.ucl.ac.uk
In-Reply-To: <9305051436.AA24771@terminator.rs.itd.umich.edu>
Subject: Re: LDAP Comments

In your message you said:
> > From:    pays@faugeres.inria.fr
> > To:      pays@faugeres.inria.fr, tim@terminator.rs.itd.umich.edu
> 
> > let me just give you an (hypothetical?) example:
> > 
> > 	French master is a non QUIPU like DSA
> > 		ie the master entries of all the Org in France are held
> > 		by the org. DSAs
> > 	let's suppose
> > 		1. we have a few hundreds org DSAs in France
> > 		2. a client just needs to know whether a given
> > 			DN is valid (eg C=FR; O=a-given-org; exists)
> > 			and get the Org fax number
> > 
> > a search-one-level 
> > 	base-object: C=FR;
> > 	filter: Class: organization
> > 		O=a-given-org;
> > 	Don't use copy flag: SET
> 
> This operation should be done by a base-object search, not a one-level
> search.  The search filter should be something like "objectClass=*".
> Attributes returned should be facsimileTelephoneNumber.  If the don't
> use copy flag is set, only a single DSA will need to be chained to.
> 
> > would result in chaining a few hundreds DSAs (or more realistic
> > in returning a few hundred referrals)
> > 
> > while a read
> > 	C=FR; O=a-given-org;
> > 
> > will only rely on one chaining from the french master to the
> > DSA managing "a-given-org" data
> 
> A read operation can be simulated in LDAP using a BASEOBJECT search
> with a filter testing for the existence of the objectClass attribute.
> It should only cause one chaining operation, just like a read.
> 
> > PS: let me remind everyone that the QUIPU choice which consists
> > in having all the master entries under a node being held by the same DSA,
> > is
> >   1. a very QUIPUcentric view of the X.500 world
> >   2. is, after many thoughts, brain-damaged, when you take into
> > 	account security and authentication, and will (in my mind)
> > 	certainly be followed by nearly no other implementations.
> > 	I am ready to bet a bottle of "faugeres" that ISODE Cons. will
> > 	have to do something about this in the near to medium future.
> > 	My advice, don't base any design on this very proprietary
> > 	functionality!
> 
> The QUIPU approach obviously has some good points.  But I agree that
> it imposes unacceptable limitations in the long run.  Something will
> have to be done about it eventually, and I believe you are correct
> that the IC will have to do it.  So, I wouldn't bet you a bottle of
> "faugeres", even if I knew what that was!                 -- Tim


this issue has come up before and it may well be the case that the
quipu implementation is lacking (side-issue and I don't want to
discuss it here), but I'm fairly sure that the X.500 standard says
that DSAs should be able to cope with the sort of search that PAP
doesn't like.  It doesn't at the moment and I expect that every
implementation has its own set of problems, but sooner or later, I
think that you are going to have to stop dissuading everyone from doing
searches on pizarro DSAs and make them work better!

Alan
-------------
Alan Shepherd, NeXor Ltd., University Park, Nottingham NG7 2RD.
Email: a.shepherd@nexor.co.uk, Phone: +44 (0) 602 514591 (Fax:790278)
X.400: C=GB;ADMD=mark400;PRMD=NeXor;O=NeXor;S=Shepherd;G=Alan
X.500: C=GB@O=NeXor Ltd@CN=Alan Shepherd

 Please note that NeXor Ltd was previously known as X-Tel Services Ltd.
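
The two searches contrasted in the quoted exchange, encoded on the wire, as an added example that is not part of any of the messages above. It assumes the LDAPv3 SearchRequest layout of RFC 4511 and LDAP string DNs; the message IDs are constructed, and the X.500 "don't use copy" service control is not represented in the request.

```python
# Added example: BER encoding of the two searches contrasted in the thread.
# Layout follows the LDAPv3 SearchRequest (RFC 4511), an assumption; DN
# strings and message IDs are constructed for illustration.

def tlv(tag, content):
    """BER tag-length-value, definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def integer(v, tag=0x02):
    """Non-negative INTEGER (0x02) or ENUMERATED (0x0A)."""
    return tlv(tag, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def octets(s):
    return tlv(0x04, s.encode())

BASE_OBJECT, SINGLE_LEVEL = 0, 1          # SearchRequest.scope values

def present(attr):                        # Filter present [7]
    return tlv(0x87, attr.encode())

def equality(attr, value):                # Filter equalityMatch [3]
    return tlv(0xA3, octets(attr) + octets(value))

def and_(*filters):                       # Filter and [0]
    return tlv(0xA0, b"".join(filters))

def search_request(msg_id, base_dn, scope, flt, attrs):
    body = (octets(base_dn)
            + integer(scope, 0x0A)        # scope
            + integer(0, 0x0A)            # derefAliases: never
            + integer(0) + integer(0)     # sizeLimit, timeLimit: none
            + tlv(0x01, b"\x00")          # typesOnly: FALSE
            + flt
            + tlv(0x30, b"".join(octets(a) for a in attrs)))
    return tlv(0x30, integer(msg_id) + tlv(0x63, body))  # [APPLICATION 3]

FAX = ["facsimileTelephoneNumber"]
# Read simulated as a base-object search: one entry named, presence filter.
read_like = search_request(1, "O=a-given-org,C=FR", BASE_OBJECT,
                           present("objectClass"), FAX)
# The one-level search from the quoted example: every child of C=FR is a candidate.
one_level = search_request(2, "C=FR", SINGLE_LEVEL,
                           and_(equality("objectClass", "organization"),
                                equality("o", "a-given-org")), FAX)

if __name__ == "__main__":
    print(read_like.hex())
    print(one_level.hex())
```

The scope byte and the base DN are the only fields that tell a DSA whether it must resolve one named entry or evaluate the filter against every subordinate of C=FR.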