Re: Adding new objects to the directory
Andrew Waugh <A.Waugh@mel.dit.csiro.au> Mon, 11 January 1993 01:11 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa09214; 10 Jan 93 20:11 EST
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa09210; 10 Jan 93 20:11 EST
Received: from haig.cs.ucl.ac.uk by CNRI.Reston.VA.US id aa12422; 10 Jan 93 20:12 EST
Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.02400-0@haig.cs.ucl.ac.uk>; Mon, 11 Jan 1993 00:34:19 +0000
Received: from shark.mel.dit.CSIRO.AU by bells.cs.ucl.ac.uk with Internet SMTP id <g.15227-0@bells.cs.ucl.ac.uk>; Mon, 11 Jan 1993 00:34:03 +0000
Received: from squid.mel.dit.CSIRO.AU by shark.mel.dit.csiro.au with SMTP id AA24845 (5.65c/IDA-1.4.4/DIT-1.3 for <osi-ds@cs.ucl.ac.uk>); Mon, 11 Jan 1993 11:34:04 +1100
Received: by squid.mel.dit.CSIRO.AU (4.1/SMI-4.0) id AA00519; Mon, 11 Jan 93 11:33:46 EST
Message-Id: <9301110033.AA00519@squid.mel.dit.CSIRO.AU>
To: osids <osi-ds@cs.ucl.ac.uk>, OIW DS SIG <dssig@ics.uci.edu>
Cc: ajw@mel.dit.csiro.au
Subject: Re: Adding new objects to the directory
In-Reply-To: Your message of "Sun, 10 Jan 93 11:48:47 +0700." <199301101105.AA16488@faui43.informatik.uni-erlangen.de>
Date: Mon, 11 Jan 1993 11:33:46 +1100
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Andrew Waugh <A.Waugh@mel.dit.csiro.au>
Markus Kuhn wrote: >If the DSA must silently add all missing objectclasses, then the DSA >has to know about the whole class hierarchy. It would be dangerous >to add classes unknown to this DSA, because the DSA won't know which >superclasses it has to add. And dealing consistently with unknown >classes is an important feature for extensibility. Consequently, >the DUA should deal with all superclasses, because DUAs are expected to >know the classes they allow to add (this might not even be true for >universal admin and test DUAs like dish). Right recommendation, wrong reason! The object class hierarchy is part of the X.500 schema in force in a particular portion of the DIT. As such the only entities which can 'know' the hierarchy are the DSAs holding that portion of the DIT. It is impossible to add an entry to the DIT if the DSA which will be the master of the new entry does not recognise the object class. A master DSA is always in a position to fill in the superclass hierarchy of its entries. In the 1988 standard there is no way for the DUAs to discover the schema in force at a particular location in the DIT. Consequently, when adding an entry the DUA has two choices: 1) List all the required object classes and their superclasses in the objectClass attribute of the new entry. 2) List only the final object classes and depend on the DSA to fill in the superclass hierarchy. For a DUA, the most reliable solution is to always include the object classes hierarchy in the entry (to do otherwise is to risk a reject from a DSA which interprets the standard to require a DUA to supply all object classes). The operation may still be rejected, however, if the DSA has a different schema to that used by the DUA and if the new entry doesn't satisfy the DSAs schema. Note: a DSA implementations should complete the object class hierarchy if necessary. (An application of the old networking saw 'Be generous about what you accept but conservative in what you send.') andrew waugh
- Re: Adding new objects to the directory John H. Dale
- Re: Adding new objects to the directory Andrew Waugh