On Tue, Dec 1, 2009 at 14:16, Emmanuel Lecharny <elecharny@apache.org> wrote:
Hi,

I have an issue while refactoring the schema. I want to have your opinion about it.

RFC 4512 states that :

"
2.5.1.  Attribute Types

An attribute type governs whether the attribute can have multiple
values, the syntax and matching rules used to construct and compare
values of that attribute, and other functions.
<snip>
The attribute type indicates whether the attribute is a user
attribute or an operational attribute. If operational, the attribute
type indicates the operational usage and whether or not the attribute
is modifiable by users. Operational attributes are discussed in
Section 3.4.

An attribute type (a subtype) may derive from a more generic
attribute type (a direct supertype). The following restrictions
apply to subtyping:

- a subtype must have the same usage as its direct supertype,..."

In our case, we have 5 AT which inherit from distinguishedName or Name, which is a User attrinuteType, and have another Usage :
apacheAlias(distinguishedName), autonomousAreaSubentry(distinguishedName), apacheExistence (name), accessControlSubentries(distinguishedName), triggerExecutionSubentries(distinguishedName)

I don't think they should inherit from any other AT, IMO. WDYT ?
It' been long since we have defined these attibutes and I do not totally remember our motivation but for example regarding the accessControlSubentries, it was defined in place of the following X.500 counterpart:


"The accessControlSubentryList operational attribute identifies all access control subentries that affect the entry. It is available in every entry.
accessControlSubentryList ATTRIBUTE ::= {
  WITH SYNTAX   DistinguishedName
  EQUALITY MATCHING RULE   distinguishedNameMatch
 
NO USER MODIFICATION   TRUE
 
USAGE   directoryOperation
 
ID   id-oa-accessControlSubentryList }
"

So it should not have extended the DistinguishedName attribute but it should just adopt the syntax.

So it seems we have a problem here. Also I don't know why we did not call the attribute accessControlSubentryList, but accessControlSubentries.

Alex may have a better answer for the issue.

Regards,


--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com



--
Ersin ER
http://www.ersiner.net