directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ersin ER <>
Subject Re: About AttributeType, superior and USAGE
Date Tue, 01 Dec 2009 12:48:39 GMT
On Tue, Dec 1, 2009 at 14:16, Emmanuel Lecharny <>wrote:

> Hi,
> I have an issue while refactoring the schema. I want to have your opinion
> about it.
> RFC 4512 states that :
> "
> 2.5.1.  Attribute Types
>    An attribute type governs whether the attribute can have multiple
>    values, the syntax and matching rules used to construct and compare
>    values of that attribute, and other functions.
> <snip>
>    The attribute type indicates whether the attribute is a user
>    attribute or an operational attribute.  If operational, the attribute
>    type indicates the operational usage and whether or not the attribute
>    is modifiable by users.  Operational attributes are discussed in
>    Section 3.4.
>    An attribute type (a subtype) may derive from a more generic
>    attribute type (a direct supertype).  The following restrictions
>    apply to subtyping:
>       - a subtype must have the same usage as its direct supertype,..."
> In our case, we have 5 AT which inherit from distinguishedName or Name, which is a User
attrinuteType, and have another Usage :
> apacheAlias(distinguishedName), autonomousAreaSubentry(distinguishedName), apacheExistence
(name), accessControlSubentries(distinguishedName), triggerExecutionSubentries(distinguishedName)
> I don't think they should inherit from any other AT, IMO. WDYT ?
> It' been long since we have defined these attibutes and I do not totally
remember our motivation but for example regarding the
accessControlSubentries, it was defined in place of the following X.500

*"The accessControlSubentryList operational attribute identifies all access
control subentries that affect the entry. It is available in every entry.
accessControlSubentryList ATTRIBUTE ::= {
  WITH SYNTAX   DistinguishedName
  EQUALITY MATCHING RULE   distinguishedNameMatch
  USAGE   directoryOperation
  ID   id-oa-accessControlSubentryList }*"

So it should not have extended the DistinguishedName attribute but it should
just adopt the syntax.

So it seems we have a problem here. Also I don't know why we did not call
the attribute accessControlSubentryList, but accessControlSubentries.

Alex may have a better answer for the issue.


> --
> Regards,
> Cordialement,
> Emmanuel L├ęcharny

Ersin ER

View raw message