directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Referencing subentries in entries
Date Wed, 22 Dec 2010 18:15:57 GMT

I think I already sent a mail a few weeks ago about this matter.

The RFC-3671 stipulates that for collectiveAttributes we have to add the 
collectiveAttributeSubentries AT in the entry to indicate the subentries 
which have been leveraged to add some collectiv attributes in the entry. 
Here is the LDAP syntax for this AT :
attributetype (
     NAME 'collectiveAttributeSubentries'
     EQUALITY distinguishedNameMatch
     USAGE directoryOperation

The RFC 4512 defines the subschemaSubentry AT as a way to define the 
subentry containing the schema this entry will use. Its syntax is :

attributetype( NAME 'subschemaSubentry'
         EQUALITY distinguishedNameMatch
         USAGE directoryOperation )

We have also defined two other ATs, the accessControlSubentries and 
triggerExecutionSubentries which contains a reference to the subentries 
the entry is selected by.

So if a subentry subtree specification selects an entry, then this entry 
will have a reference to the subentry. Those values must be returned to 
the user if requested (as they are Operational Attributes).

The problem is that those AT are DNs, which means that moving a subentry 
implies we have to modify all the entries pointing to this subentry, a 
costly operation.

I suggested to replace those DN references by the subentry UUID, which 
won't change.

For that, we must create 4 more ATs, having an UUID syntax 
(, it has no associated alias), one per type of subentry.

We will replace the UUID by a DN when returning the entries.

thoughts ?

Emmanuel L├ęcharny

View raw message