Re: About AttributeType, superior and USAGE

Tue, 01 Dec 2009 04:49:08 -0800 

On Tue, Dec 1, 2009 at 14:16, Emmanuel Lecharny <[email protected]>wrote:

> Hi,
>
> I have an issue while refactoring the schema. I want to have your opinion
> about it.
>
> RFC 4512 states that :
>
> "
>
> 2.5.1.  Attribute Types
>
>    An attribute type governs whether the attribute can have multiple
>
>    values, the syntax and matching rules used to construct and compare
>    values of that attribute, and other functions.
> <snip>
>    The attribute type indicates whether the attribute is a user
>    attribute or an operational attribute.  If operational, the attribute
>
>    type indicates the operational usage and whether or not the attribute
>    is modifiable by users.  Operational attributes are discussed in
>    Section 3.4.
>
>    An attribute type (a subtype) may derive from a more generic
>
>    attribute type (a direct supertype).  The following restrictions
>    apply to subtyping:
>
>       - a subtype must have the same usage as its direct supertype,..."
>
> In our case, we have 5 AT which inherit from distinguishedName or Name, which 
> is a User attrinuteType, and have another Usage :
>
> apacheAlias(distinguishedName), autonomousAreaSubentry(distinguishedName), 
> apacheExistence (name), accessControlSubentries(distinguishedName), 
> triggerExecutionSubentries(distinguishedName)
>
> I don't think they should inherit from any other AT, IMO. WDYT ?
>
> It' been long since we have defined these attibutes and I do not totally
remember our motivation but for example regarding the
accessControlSubentries, it was defined in place of the following X.500
counterpart:


*"The accessControlSubentryList operational attribute identifies all access
control subentries that affect the entry. It is available in every entry.
accessControlSubentryList ATTRIBUTE ::= {
  WITH SYNTAX   DistinguishedName
  EQUALITY MATCHING RULE   distinguishedNameMatch
  NO USER MODIFICATION   TRUE
  USAGE   directoryOperation
  ID   id-oa-accessControlSubentryList }*"

So it should not have extended the DistinguishedName attribute but it should
just adopt the syntax.

So it seems we have a problem here. Also I don't know why we did not call
the attribute accessControlSubentryList, but accessControlSubentries.

Alex may have a better answer for the issue.

Regards,


> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>



-- 
Ersin ER
http://www.ersiner.net

Reply via email to