Re: LDAP Comments

Tim Howes <tim@terminator.rs.itd.umich.edu> Wed, 05 May 1993 15:31 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa17280; 5 May 93 11:31 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa17276; 5 May 93 11:31 EDT
Received: from haig.cs.ucl.ac.uk by CNRI.Reston.VA.US id aa13690; 5 May 93 11:31 EDT
Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.03330-0@haig.cs.ucl.ac.uk>; Wed, 5 May 1993 15:36:47 +0100
Received: from terminator.rs.itd.umich.edu by bells.cs.ucl.ac.uk with Internet SMTP id <g.04564-0@bells.cs.ucl.ac.uk>; Wed, 5 May 1993 15:36:34 +0100
Received: from vertigo.rs.itd.umich.edu by terminator.rs.itd.umich.edu (5.67/2.2) with SMTP id AA24771; Wed, 5 May 93 10:36:03 -0400
Message-Id: <9305051436.AA24771@terminator.rs.itd.umich.edu>
To: pays@faugeres.inria.fr
Cc: rosenqui@crc.sofkin.ca, osi-ds@cs.ucl.ac.uk
Subject: Re: LDAP Comments
In-Reply-To: Your message of "05 May 93 16:18:22 +0200." <736611502.154.0-faugeres.inria.fr*@MHS>
Date: Wed, 05 May 1993 10:36:02 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Tim Howes <tim@terminator.rs.itd.umich.edu>

> From:    pays@faugeres.inria.fr
> To:      pays@faugeres.inria.fr, tim@terminator.rs.itd.umich.edu

> let me just give you an (hypothetical?) example:
> 
> 	French master is a non QUIPU like DSA
> 		ie the master entries of all the Orgs in France are held
> 		by the org. DSAs
> 	let's suppose
> 		1. we have a few hundred org DSAs in France
> 		2. a client just needs to know whether a given
> 			DN is valid (e.g. C=FR; O=a-given-org; exists)
> 			and get the Org fax number
> 
> a search-one-level 
> 	base-object: C=FR;
> 	filter: Class: organization
> 		O=a-given-org;
> 	Don't use copy flag: SET

This operation should be done by a base-object search, not a one-level
search.  The search filter should be something like "objectClass=*".
The attribute returned should be facsimileTelephoneNumber.  If the
don't-use-copy flag is set, only a single DSA will need to be chained to.

> would result in chaining a few hundred DSAs (or, more realistically,
> in returning a few hundred referrals)
> 
> while a read
> 	C=FR; O=a-given-org;
> 
> will rely on only one chaining from the French master to the
> DSA managing "a-given-org" data

A read operation can be simulated in LDAP using a BASEOBJECT search
with a filter testing for the existence of the objectClass attribute.
It should only cause one chaining operation, just like a read.

> PS: let me remind everyone that the QUIPU choice, which consists
> in having all the master entries under a node held by the same DSA,
> is
>   1. a very QUIPUcentric view of the X.500 world
>   2. after much thought, brain-damaged, when you take into
> 	account security and authentication, and will (in my mind)
> 	certainly be followed by nearly no other implementations.
> 	I am ready to bet a bottle of "faugeres" that ISODE Cons. will
> 	have to do something about this in the near to medium future.
> 	My advice, don't base any design on this very proprietary
> 	functionality!

The QUIPU approach obviously has some good points.  But I agree that
it imposes unacceptable limitations in the long run.  Something will
have to be done about it eventually, and I believe you are correct
that the IC will have to do it.  So, I wouldn't bet you a bottle of
"faugeres", even if I knew what that was!                 -- Tim
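The two requests compared in the exchange above, built as wire-level LDAP SearchRequests, as an added example that is not part of this thread or of any of the implementations discussed. It hand-encodes the BER for the LDAPv3 SearchRequest of RFC 4511 (a later revision than the LDAP of 1993, but the same operation shape: baseObject, scope, filter, attribute list), so it runs offline with no server. The string-form DNs ("o=a-given-org,c=FR", "c=FR"), the helper names, and the use of the RFC 6171 Don't Use Copy control (OID 1.3.6.1.1.22, the LDAP analogue of the DAP don't-use-copy service control) as the way to say "don't use copy" are my assumptions; the decoder is there so the difference between the read-like request (scope 0, present filter, one attribute) and the fan-out request (scope 1, equality filters) can be checked on the bytes rather than taken on trust.

```python
"""Encode and decode the LDAP SearchRequests discussed above (RFC 4511 BER)."""

# Universal tags and the LDAP application/context tags used here
INTEGER, ENUMERATED, BOOLEAN, OCTET_STRING, SEQUENCE = 0x02, 0x0A, 0x01, 0x04, 0x30
APP_SEARCH_REQUEST = 0x63   # [APPLICATION 3] constructed
FILTER_AND = 0xA0           # Filter.and       [0] constructed
FILTER_EQUALITY = 0xA3      # Filter.equalityMatch [3] constructed
FILTER_PRESENT = 0x87       # Filter.present   [7] primitive
CONTROLS = 0xA0             # LDAPMessage.controls [0] constructed
SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE = 0, 1, 2
DONT_USE_COPY_OID = "1.3.6.1.1.22"  # RFC 6171 Don't Use Copy control (assumed analogue of DAP dontUseCopy)


def ber_len(n: int) -> bytes:
    """Definite-length encoding: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(tag: int, n: int) -> bytes:
    """Non-negative INTEGER/ENUMERATED with a leading zero byte where bit 7 would be set."""
    return tlv(tag, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))


def present_filter(attr: str) -> bytes:
    return tlv(FILTER_PRESENT, attr.encode())


def equality_filter(attr: str, value: str) -> bytes:
    return tlv(FILTER_EQUALITY, tlv(OCTET_STRING, attr.encode()) + tlv(OCTET_STRING, value.encode()))


def and_filter(*filters: bytes) -> bytes:
    return tlv(FILTER_AND, b"".join(filters))


def control(oid: str, critical: bool = True) -> bytes:
    body = tlv(OCTET_STRING, oid.encode())
    if critical:
        body += tlv(BOOLEAN, b"\xff")
    return tlv(SEQUENCE, body)


def search_request(msg_id, base_dn, scope, attrs, filt, controls=None) -> bytes:
    op = b"".join([
        tlv(OCTET_STRING, base_dn.encode()),
        ber_int(ENUMERATED, scope),
        ber_int(ENUMERATED, 0),            # derefAliases: neverDerefAliases
        ber_int(INTEGER, 0),               # sizeLimit: no client limit
        ber_int(INTEGER, 0),               # timeLimit: no client limit
        tlv(BOOLEAN, b"\x00"),             # typesOnly: FALSE, we want the fax value
        filt,
        tlv(SEQUENCE, b"".join(tlv(OCTET_STRING, a.encode()) for a in attrs)),
    ])
    msg = ber_int(INTEGER, msg_id) + tlv(APP_SEARCH_REQUEST, op)
    if controls:
        msg += tlv(CONTROLS, b"".join(controls))
    return tlv(SEQUENCE, msg)


def read_like_request(org_dn: str, msg_id: int = 1, dont_use_copy: bool = True) -> bytes:
    """The reply's recommendation: base-object scope, (objectClass=*), one attribute."""
    ctls = [control(DONT_USE_COPY_OID)] if dont_use_copy else None
    return search_request(msg_id, org_dn, SCOPE_BASE, ["facsimileTelephoneNumber"],
                          present_filter("objectClass"), ctls)


def one_level_request(org_name: str, msg_id: int = 2) -> bytes:
    """The original proposal: one level under c=FR; every org DSA must be consulted."""
    filt = and_filter(equality_filter("objectClass", "organization"), equality_filter("o", org_name))
    return search_request(msg_id, "c=FR", SCOPE_ONELEVEL, ["facsimileTelephoneNumber"], filt)


def parse_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, position after this element)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length


def describe(msg: bytes) -> dict:
    """Decode the fields that decide how many DSAs a DSA would have to chain to."""
    tag, body, _ = parse_tlv(msg)
    assert tag == SEQUENCE, "not an LDAPMessage"
    _, mid, p = parse_tlv(body)
    tag, op, p = parse_tlv(body, p)
    assert tag == APP_SEARCH_REQUEST, "not a SearchRequest"
    _, base, q = parse_tlv(op)
    _, scope, q = parse_tlv(op, q)
    for _ in range(4):                      # derefAliases, sizeLimit, timeLimit, typesOnly
        _, _, q = parse_tlv(op, q)
    ftag, _, q = parse_tlv(op, q)
    _, attrseq, q = parse_tlv(op, q)
    attrs, r = [], 0
    while r < len(attrseq):
        _, a, r = parse_tlv(attrseq, r)
        attrs.append(a.decode())
    controls = []
    if p < len(body):                       # optional [0] Controls follows the protocolOp
        _, cseq, p = parse_tlv(body, p)
        r = 0
        while r < len(cseq):
            _, c, r = parse_tlv(cseq, r)
            controls.append(parse_tlv(c)[1].decode())
    return {"messageID": int.from_bytes(mid, "big"), "base": base.decode(),
            "scope": scope[0], "filter_tag": ftag, "attrs": attrs, "controls": controls}


if __name__ == "__main__":
    for req in (read_like_request("o=a-given-org,c=FR"), one_level_request("a-given-org")):
        print(describe(req), req.hex())
```

Scope 0 with a present filter on objectClass is the LDAP idiom for "read this one entry"; the server resolves the base DN to exactly one entry, so a DSA serving c=FR chains (or refers) to at most one org DSA. Scope 1 with an equality filter under c=FR is a search, and with mastership spread across the org DSAs the server has no way to know which one holds "a-given-org" without asking all of them.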