directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ersin Er <>
Subject Re: Subentry one more thing we don't support atm...
Date Fri, 23 Jul 2010 04:23:38 GMT

On Fri, Jul 23, 2010 at 00:55, Emmanuel Lecharny <>wrote:

>  Hi,
> going deeper and deeper...
> We currently don't make any difference between AAA and IAA (Autonomous
> Administrative Area and Inner Administrative Area). This is a problem as
> it's not in line with the RFCs and it pose a number of issues as all the
> subentries are then cummulative (except if chopAfter exclusions are used,
> but this is only a workaround).
> For those of you who don't have any background on what AAA and IAA are and
> what they do, it's quite easy :
> - AAA defines an area in the DIT starting at an AP (AdministrativePoint)
> nad going down to the tree until we met leaves or another AAP (Autonomous
> AP). The consequences is that if two AAA are defines in the same hierarchy,
> one below the other, they don't collide, and their respective subentries
> don't apply to anything but their own area.
> (In the real world, it would be like if a manager gives order to all its
> subordinates, but if one of those subordinate is also a manager, then the
> top manager delegates everything to this manager, which may have totally
> different rules.)
> - IAA defines an area that can be included into another area (either AAA or
> IAA), but their limit are the limit of their encapsulating AAA (ie, the area
> defined in an IAA is limited by the leaves or another AAA). The biggest
> difference is that subentries are cumulative : the IAA associated subentries
> are applied together with the encapsulating IAA or AAA.
> (In the real word, this IAA represent a lower manager which has its own
> rules to manage its people, but those people are also submitted to the top
> manager rules... Sad world where the lower you are, the more rules you have
> to follow :)
> So we don't support neither IAA nor AAA, all the area we define are IAA.
> I think that we should implement both, to be fully compliant, assuming that
> it will clarify a lot of things...
> --
> Regards,
> Cordialement,
> Emmanuel L├ęcharny

Ersin ER

View raw message