directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@gmail.com>
Subject Subentry one more thing we don't support atm...
Date Thu, 22 Jul 2010 21:55:58 GMT
  Hi,

going deeper and deeper...

We currently don't make any difference between AAA and IAA (Autonomous 
Administrative Area and Inner Administrative Area). This is a problem as 
it's not in line with the RFCs and it pose a number of issues as all the 
subentries are then cummulative (except if chopAfter exclusions are 
used, but this is only a workaround).

For those of you who don't have any background on what AAA and IAA are 
and what they do, it's quite easy :
- AAA defines an area in the DIT starting at an AP (AdministrativePoint) 
nad going down to the tree until we met leaves or another AAP 
(Autonomous AP). The consequences is that if two AAA are defines in the 
same hierarchy, one below the other, they don't collide, and their 
respective subentries don't apply to anything but their own area.

(In the real world, it would be like if a manager gives order to all its 
subordinates, but if one of those subordinate is also a manager, then 
the top manager delegates everything to this manager, which may have 
totally different rules.)

- IAA defines an area that can be included into another area (either AAA 
or IAA), but their limit are the limit of their encapsulating AAA (ie, 
the area defined in an IAA is limited by the leaves or another AAA). The 
biggest difference is that subentries are cumulative : the IAA 
associated subentries are applied together with the encapsulating IAA or 
AAA.

(In the real word, this IAA represent a lower manager which has its own 
rules to manage its people, but those people are also submitted to the 
top manager rules... Sad world where the lower you are, the more rules 
you have to follow :)


So we don't support neither IAA nor AAA, all the area we define are IAA.

I think that we should implement both, to be fully compliant, assuming 
that it will clarify a lot of things...

-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com


Mime
View raw message