Re: LDAP Comments
Tim Howes <tim@terminator.rs.itd.umich.edu> Wed, 05 May 1993 15:31 UTC
Message-Id: <9305051436.AA24771@terminator.rs.itd.umich.edu>
To: pays@faugeres.inria.fr
Cc: rosenqui@crc.sofkin.ca, osi-ds@cs.ucl.ac.uk
Subject: Re: LDAP Comments
In-Reply-To: Your message of "05 May 93 16:18:22 +0200."
<736611502.154.0-faugeres.inria.fr*@MHS>
Date: Wed, 05 May 93 10:36:02 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Tim Howes <tim@terminator.rs.itd.umich.edu>

> From: pays@faugeres.inria.fr
> To: pays@faugeres.inria.fr, tim@terminator.rs.itd.umich.edu

> let me just give you an (hypothetical?) example:
>
> French master is a non QUIPU like DSA
> ie the master entries of all the Org in France are held
> by the org. DSAs
> let suppose
> 1. we have a few hundreds org DSAs in France
> 2. a client just need to know whether a given
> DN is valid (eg C=FR; O=a-given-org; exist)
> and get the Org fax number
>
> a search-one-level
> base-object: C=FR;
> filter: Class: organization
> O=a-given-org;
> Don't use copy flag: SET

This operation should be done by a base-object search, not a one-level
search. The search filter should be something like "objectClass=*".
Attributes returned should be facsimileTelephoneNumber. If the don't
use copy flag is set, only a single DSA will need to be chained to.

> would result in chaining a few hundreds DSAs (or more realistic
> in returning a few hundred referrals)
>
> while a read
> C=FR; O=a-given-org;
>
> will only rely in one chaining from the french master to the
> DSA managing "a-given-org" data

A read operation can be simulated in LDAP using a BASEOBJECT search
with a filter testing for the existence of the objectClass attribute.
It should only cause one chaining operation, just like a read.

> PS: let me remind everyone that the QUIPU choice which consist
> in having all the master entries under a node being held by the same DSA,
> is
> 1. a very QUIPUcentric view of the X.500 world
> 2. is, after many thoughts, brain-damaged, when you take into
> account security and authentication, and will (in my mind)
> certainly be followed by nearly no other implementations.
> I am ready to bet a bottle of "faugeres" that ISODE Cons. will
> have to do something about this in the near to medium future.
> My advice, don't base any design of this very proprietary
> functionality!

The QUIPU approach obviously has some good points. But I agree that
it imposes unacceptable limitations in the long run. Something will
have to be done about it eventually, and I believe you are correct
that the IC will have to do it. So, I wouldn't bet you a bottle of
"faugeres", even if I knew what that was! -- Tim
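
The chaining cost of the two search shapes compared in this message, as an added example that is not part of the original thread: a toy Python model that counts how many DSAs the French master must chain to when copies may not be used. The directory contents, DSA names, fax numbers and the `search`, `read_like` and `one_level` helpers are all constructed for illustration, and the model assumes the master answers a nonexistent DN from its own knowledge references.

```python
# Toy model of chaining under C=FR when every organisation's master entry
# sits on its own DSA and "don't use copy" is set. All data is constructed.
ORGS = {
    f"org-{i}": {"dsa": f"dsa-{i}", "o": f"org-{i}",
                 "objectClass": ["organization"],
                 "facsimileTelephoneNumber": f"+33 1 00 00 {i:04d}"}
    for i in range(300)
}
ORGS["a-given-org"] = {"dsa": "dsa-a-given-org", "o": "a-given-org",
                       "objectClass": ["organization"],
                       "facsimileTelephoneNumber": "+33 1 11 11 1111"}


def matches(entry, flt):
    """flt is (attribute, value); the value "*" is a presence test."""
    attr, value = flt
    if attr not in entry:
        return False
    values = entry[attr] if isinstance(entry[attr], list) else [entry[attr]]
    return value == "*" or value in values


def search(base, scope, filters, attrs):
    """Return (entries, DSAs chained to) as seen from the French master DSA."""
    if scope == "base" and len(base) == 2 and base[0] == "FR":
        names = [base[1]] if base[1] in ORGS else []   # name resolution only
    elif scope == "one" and base == ("FR",):
        names = list(ORGS)                             # every subordinate entry
    else:
        names = []
    chained, hits = set(), []
    for name in names:
        entry = ORGS[name]
        chained.add(entry["dsa"])  # no copies allowed: ask the entry's own DSA
        if all(matches(entry, f) for f in filters):
            hits.append({a: entry[a] for a in attrs if a in entry})
    return hits, chained


def read_like(org):
    """Base-object search with an objectClass presence filter."""
    return search(("FR", org), "base", [("objectClass", "*")],
                  ["facsimileTelephoneNumber"])


def one_level(org):
    """One-level search under C=FR filtering on class and organisation name."""
    return search(("FR",), "one",
                  [("objectClass", "organization"), ("o", org)],
                  ["facsimileTelephoneNumber"])
```

Both calls return the same single entry for `a-given-org`; only the set of DSAs contacted differs.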