Rep (2) : LDAP
Ascan Woermann <Woermann@osi.e3x.fr> Mon, 07 June 1993 19:33 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa03415;
7 Jun 93 15:33 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa03409;
7 Jun 93 15:33 EDT
Received: from haig.cs.ucl.ac.uk by CNRI.Reston.VA.US id aa13350;
7 Jun 93 15:33 EDT
X400-Received: by mta haig.cs.ucl.ac.uk in /PRMD=uk.ac/ADMD=gold 400/C=gb/;
Relayed; Mon, 7 Jun 1993 19:33:28 +0100
Date: Mon, 7 Jun 1993 19:33:28 +0100
X400-Originator: osi-ds-request@cs.ucl.ac.uk
X400-Recipients: non-disclosure:;
X400-MTS-Identifier: [/PRMD=uk.ac/ADMD=gold 400/C=gb/;
haig.cs.uc.376:07.05.93.18.33.28]
Priority: Non-Urgent
DL-Expansion-History: osi-ds@cs.ucl.ac.uk ; Mon, 7 Jun 1993 19:33:28 +0100;
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Ascan Woermann <Woermann@osi.e3x.fr>
Message-ID: <7394779601075woer*/S=Woermann/OU=OSI/O=E3X/PRMD=E3X/ADMD=atlas/C=FR/@MHS>
To: Tim Howes <tim@terminator.rs.itd.umich.edu>, osi-ds@cs.ucl.ac.uk,
Christian Huitema <Christian.Huitema@sophia.inria.fr>
In-Reply-To: "9306071740.AA15750(a)terminator.rs.itd.umich.edu":
References: "199306071631.AA13409(a)mitsou.inria.fr":
Subject: Rep (2) : LDAP
> > For resultCodes of noSuchObject, aliasProblem, invalidDNSyntax, > > isLeaf, and aliasDereferencingProblem, the matchedDN field is > > set to the name of the lowest entry (object or alias) in the > > DIT that was matched and is a truncated form of the name > > provided or, if an alias has been dereferenced, of the > > resulting name. The matchedDN field should be set to a NULL DN > > (a zero length string) in all other cases. > > > > The alias case is very ennoying. Suppose I provide <CN=Name, OU=Foo, O=Bar, > > C= XX>, and that LDAP returns the "matched attributes" <C=Foobar, C=YY>. How d > > I know whether this matched 2 or 3 components? Should we return a "matched > > name parts" count in complement to the matched attributes? Or an alias > > indication? > > I'm not sure about this. If an alias is involved and there is an error > the aliasProblem error includes the value of the aliasedObjectName, and > not some truncated portion of the original DN, or of the aliasedObjectName. > In this case, the DUA can't tell which component had the bogus alias in it, > but it can tell what the bogus alias is. How would including an indication > of whether an alias was encountered help this situation? -- Tim > To my understanding Christian is referring to the case of a name error occurring after correct dereferencing of a valid alias. In this case the name error won't help you much, for example, in deciding where to start searching in an algorithm such as AFRO. The current implementation of AFRO detects when the matched DN returned is not a prefix of the given name, and, if necessary, continues with read operations on a progressively shorter name to find the erroneous name part "manually". Having said this, I don't follow the remainder of Christian's proposal: what else you can do in LDAP ? Ascan TS-E3X
- Rep (2) : LDAP Ascan Woermann
- Rep (2) : LDAP Alain Zahm
- Re: Rep (2) : LDAP Tim Howes
- Rep (2) : LDAP Ascan Woermann