You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Karl Weber <ka...@googlemail.com> on 2012/04/30 10:53:26 UTC
[ApacheDS] subschema subentries and DIT structure rules etc.
Hi,
as far as I read in the documentation for ApacheDS 1.5.7, ApacheDS does
support subentries according to RFC 3672 with the exception of subschema
subentries.
Is this still valid for the current 2.0.0 milestone? Unfortunately the links
to the documentation are broken. The support of subschema subentries has been
announced in the 1.5.7 documentation for the "future"...
Does ApacheDS support DIT structure rules and DIT content rules? The
documentation for 1.5.7 claims that ApacheDS is RFC 4512 compliant, however
support for these rules is optional, so some clarification is needed.
Furthermore, in order to use DIT structure rules, administrative areas with
there own subschemas would make sence. (DIT structure rules do not have global
OIDs but only integer IDs which have to be unique within the controlling
schema.) Furthermore, quote of RFC 4512:
If no superior rules are identified, the DIT structure rule applies
to an autonomous administrative point (e.g., the root vertex of the
subtree controlled by the subschema) [X.501].
Re: [ApacheDS] subschema subentries and DIT structure rules etc.
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 4/30/12 12:46 PM, Karl Weber a écrit :
> Am Montag, 30. April 2012, 11:51:12 schrieb Emmanuel Lécharny:
>> Atm, I do think we will get a 2.0 out before being able to have
>> subschema added, but be sure that one of the next minor iteration (2.1
>> or 2.2) will have such a feature.
> Sounds interesting. Do you have any idea yet, about when 2.1 and 2.2 will be
> ready?
Well, we still are working on 2.0 milstones... We expect to get a 2.0
release in the next few months, so for a 2.1, it all depends on the time
we have to work on the project :/
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: [ApacheDS] subschema subentries and DIT structure rules etc.
Posted by Karl Weber <ka...@googlemail.com>.
Am Montag, 30. April 2012, 11:51:12 schrieb Emmanuel Lécharny:
> Atm, I do think we will get a 2.0 out before being able to have
> subschema added, but be sure that one of the next minor iteration (2.1
> or 2.2) will have such a feature.
Sounds interesting. Do you have any idea yet, about when 2.1 and 2.2 will be
ready?
Re: [ApacheDS] subschema subentries and DIT structure rules etc.
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 4/30/12 10:53 AM, Karl Weber a écrit :
> Hi,
>
> as far as I read in the documentation for ApacheDS 1.5.7, ApacheDS does
> support subentries according to RFC 3672 with the exception of subschema
> subentries.
>
> Is this still valid for the current 2.0.0 milestone? Unfortunately the links
> to the documentation are broken. The support of subschema subentries has been
> announced in the 1.5.7 documentation for the "future"...
Yep. This is something we have to add, we worked on it last year, but
it's not finished yet.
Note that we currently support (partially) collective attributes and
access control, which are part of the Administrative Model the Subschema
is associated with. The schema is still global at this point.
>
> Does ApacheDS support DIT structure rules and DIT content rules?
No, not yet. This is something we must implement, as for NameForms and
MarchingRuleUse
> The
> documentation for 1.5.7 claims that ApacheDS is RFC 4512 compliant, however
> support for these rules is optional, so some clarification is needed.
I hope I have clarified those points.
> Furthermore, in order to use DIT structure rules, administrative areas with
> there own subschemas would make sence. (DIT structure rules do not have global
> OIDs but only integer IDs which have to be unique within the controlling
> schema.)
Yep. We have already made the SchemaManager an insolated module so that
it will be possible to have many instance of it in the server, thus
allowing the use of SubschmaSubentries
> Furthermore, quote of RFC 4512:
>
> If no superior rules are identified, the DIT structure rule applies
> to an autonomous administrative point (e.g., the root vertex of the
> subtree controlled by the subschema) [X.501].
Right : e have only one schema atm, and it's for the whole DIT.
Atm, I do think we will get a 2.0 out before being able to have
subschema added, but be sure that one of the next minor iteration (2.1
or 2.2) will have such a feature.
Hope it helps.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: [ApacheDS] subschema subentries and DIT structure rules etc.
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 4/30/12 11:53 AM, Alex Karasulu a écrit :
> On Mon, Apr 30, 2012 at 12:52 PM, Alex Karasulu<ak...@apache.org>wrote:
>
>>
>> On Mon, Apr 30, 2012 at 11:53 AM, Karl Weber<ka...@googlemail.com>wrote:
>>
>>> Hi,
>>>
>>> as far as I read in the documentation for ApacheDS 1.5.7, ApacheDS does
>>> support subentries according to RFC 3672 with the exception of subschema
>>> subentries.
>>>
>>>
>> Yes it does and so will all other implementations to come like 2.0 below.
>>
> Ooop I read in correctly (thought you meant subentries), I see you mean
> schema subentries. True we don't suport this.
Wrt RFC 3672, we currently have the support of SubtreeSpecification
(this is used for ACIs) and a partial support of the Administrative model.
The main issue we have wih the AA is the colision between Autonomous
area and SpecificArea. It's really complex to compute the intersection
of those areas, and we also have a discussion about how we should
implement it : should we compute it once and store the information in
every single entry, or should we evaluate each entry against the
autonomous/specific area they depend on.
This is a very interesting area, but quite complex...
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: [ApacheDS] subschema subentries and DIT structure rules etc.
Posted by Alex Karasulu <ak...@apache.org>.
On Mon, Apr 30, 2012 at 12:52 PM, Alex Karasulu <ak...@apache.org>wrote:
>
>
> On Mon, Apr 30, 2012 at 11:53 AM, Karl Weber <ka...@googlemail.com>wrote:
>
>> Hi,
>>
>> as far as I read in the documentation for ApacheDS 1.5.7, ApacheDS does
>> support subentries according to RFC 3672 with the exception of subschema
>> subentries.
>>
>>
> Yes it does and so will all other implementations to come like 2.0 below.
>
Ooop I read in correctly (thought you meant subentries), I see you mean
schema subentries. True we don't suport this.
>
>
>> Is this still valid for the current 2.0.0 milestone? Unfortunately the
>> links
>> to the documentation are broken. The support of subschema subentries has
>> been
>> announced in the 1.5.7 documentation for the "future"...
>>
>>
> We need help with docs :).
>
>
>> Does ApacheDS support DIT structure rules and DIT content rules?
>
>
> Unfortunately it has all the machinery but enforcement of these rules
> don't take place and that peeves me a great deal. For really great schema
> design these are a must. Unfortunately many don't understand just how
> important these are including NameForms for carving out the namespace
> properly.
>
>
>> The
>> documentation for 1.5.7 claims that ApacheDS is RFC 4512 compliant,
>> however
>> support for these rules is optional, so some clarification is needed.
>>
>
> Yes we may have falsely advertised this if these features are required.
>
>
>> Furthermore, in order to use DIT structure rules, administrative areas
>> with
>> there own subschemas would make sence. (DIT structure rules do not have
>> global
>> OIDs but only integer IDs which have to be unique within the controlling
>> schema.) Furthermore, quote of RFC 4512:
>>
>> If no superior rules are identified, the DIT structure rule applies
>> to an autonomous administrative point (e.g., the root vertex of the
>> subtree controlled by the subschema) [X.501].
>>
>
> Schema right now applies globally to the entire DIT and I don't like this
> myself. However it's really hard to make it work with AAP and IAPs. I hope
> we get to this at some point.
>
> --
> Best Regards,
> -- Alex
>
>
--
Best Regards,
-- Alex
Re: [ApacheDS] subschema subentries and DIT structure rules etc.
Posted by Alex Karasulu <ak...@apache.org>.
On Mon, Apr 30, 2012 at 11:53 AM, Karl Weber <ka...@googlemail.com>wrote:
> Hi,
>
> as far as I read in the documentation for ApacheDS 1.5.7, ApacheDS does
> support subentries according to RFC 3672 with the exception of subschema
> subentries.
>
>
Yes it does and so will all other implementations to come like 2.0 below.
> Is this still valid for the current 2.0.0 milestone? Unfortunately the
> links
> to the documentation are broken. The support of subschema subentries has
> been
> announced in the 1.5.7 documentation for the "future"...
>
>
We need help with docs :).
> Does ApacheDS support DIT structure rules and DIT content rules?
Unfortunately it has all the machinery but enforcement of these rules don't
take place and that peeves me a great deal. For really great schema design
these are a must. Unfortunately many don't understand just how important
these are including NameForms for carving out the namespace properly.
> The
> documentation for 1.5.7 claims that ApacheDS is RFC 4512 compliant, however
> support for these rules is optional, so some clarification is needed.
>
Yes we may have falsely advertised this if these features are required.
> Furthermore, in order to use DIT structure rules, administrative areas with
> there own subschemas would make sence. (DIT structure rules do not have
> global
> OIDs but only integer IDs which have to be unique within the controlling
> schema.) Furthermore, quote of RFC 4512:
>
> If no superior rules are identified, the DIT structure rule applies
> to an autonomous administrative point (e.g., the root vertex of the
> subtree controlled by the subschema) [X.501].
>
Schema right now applies globally to the entire DIT and I don't like this
myself. However it's really hard to make it work with AAP and IAPs. I hope
we get to this at some point.
--
Best Regards,
-- Alex