https://issues.apache.org/jira/browse/DIRSERVER-706
On Fri, Jul 23, 2010 at 00:55, Emmanuel Lecharny <[email protected]> wrote:

> Hi,
>
> going deeper and deeper...
>
> We currently don't make any difference between AAA and IAA (Autonomous
> Administrative Area and Inner Administrative Area). This is a problem as
> it's not in line with the RFCs and it poses a number of issues as all the
> subentries are then cumulative (except if chopAfter exclusions are used,
> but this is only a workaround).
>
> For those of you who don't have any background on what AAA and IAA are and
> what they do, it's quite easy:
> - AAA defines an area in the DIT starting at an AP (AdministrativePoint)
> and going down to the tree until we meet leaves or another AAP (Autonomous
> AP). The consequence is that if two AAA are defined in the same hierarchy,
> one below the other, they don't collide, and their respective subentries
> don't apply to anything but their own area.
>
> (In the real world, it would be like if a manager gives orders to all its
> subordinates, but if one of those subordinates is also a manager, then the
> top manager delegates everything to this manager, which may have totally
> different rules.)
>
> - IAA defines an area that can be included into another area (either AAA or
> IAA), but their limits are the limits of their encapsulating AAA (ie, the area
> defined in an IAA is limited by the leaves or another AAA). The biggest
> difference is that subentries are cumulative: the IAA associated subentries
> are applied together with the encapsulating IAA or AAA.
>
> (In the real world, this IAA represents a lower manager which has its own
> rules to manage its people, but those people are also submitted to the top
> manager rules... Sad world where the lower you are, the more rules you have
> to follow :)
>
>
> So we don't support neither IAA nor AAA, all the areas we define are IAA.
>
> I think that we should implement both, to be fully compliant, assuming that
> it will clarify a lot of things...
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com

--
Ersin ER
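
An added illustration of the two area types described in the quoted message (not code from this thread or from ApacheDS): it resolves which subentries reach an entry when autonomous areas cut off their parents, and compares that with treating every area as inner. The DNs, subentry names, `ADMIN_POINTS` and `applicable_subentries` are constructed for the example, and it assumes every subentry covers its whole area.

```python
# Added illustration: a simplified model, not ApacheDS code.
# Assumptions: DNs are plain comma-separated strings with no escaped commas,
# and every subentry covers its whole area (no subtree specification).

AAA, IAA = "AAA", "IAA"

# Constructed sample: administrative point DN -> (kind, subentry names)
ADMIN_POINTS = {
    "ou=system": (AAA, ["top-rules"]),
    "ou=sales,ou=system": (IAA, ["sales-rules"]),
    "ou=research,ou=system": (AAA, ["research-rules"]),
    "ou=lab,ou=research,ou=system": (IAA, ["lab-rules"]),
}


def ancestors_or_self(dn):
    """Yield dn, then each parent DN, from the entry up to the root."""
    rdns = dn.split(",")
    for i in range(len(rdns)):
        yield ",".join(rdns[i:])


def applicable_subentries(dn, admin_points, distinguish_aaa=True):
    """Return the subentries that apply to dn, nearest area first.

    distinguish_aaa=True: an autonomous area ends the upward walk, so nothing
    defined above it applies (the AAA/IAA split described in the message).
    distinguish_aaa=False: every area is treated as inner, so subentries from
    all enclosing areas accumulate (the behaviour the message reports).
    """
    found = []
    for candidate in ancestors_or_self(dn):
        if candidate not in admin_points:
            continue
        kind, subentries = admin_points[candidate]
        found.extend(subentries)
        if distinguish_aaa and kind == AAA:
            break  # autonomous boundary: outer areas no longer apply
    return found


if __name__ == "__main__":
    for entry in ("cn=bob,ou=sales,ou=system",
                  "cn=eve,ou=lab,ou=research,ou=system"):
        print(entry)
        print("  AAA/IAA distinguished:", applicable_subentries(entry, ADMIN_POINTS))
        print("  all treated as IAA:   ",
              applicable_subentries(entry, ADMIN_POINTS, distinguish_aaa=False))
```

The two modes differ only for entries below the nested autonomous area: with every area treated as inner, such an entry also inherits the subentries of the outer area.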
