Andrew Findlay wrote:
On Tue, Jun 02, 2009 at 11:39:04AM -0400, James Lentini wrote:
An FSN is intended to be superior to its FSLs in a DIT. I was considering including DIT Structure Rules in the draft as a way to enforce this arrangement. However, I'm not inclined to do this if popular LDAP implementations, such as OpenLDAP, don't support them.
If there is a standard, well-supported mechanism for enforcing DIT structure, I'd be interested to know about it.
Standard - yes. Well supported - no. DIT Structure Rules along with DIT Content Rules are the "standard" way to do this, but hardly anyone implements them.
This is somewhat true. There are various server implementations but AFAIK only one open source client. ;-)
I've tested support in web2ldap for DIT structure rules and name forms with three different commercial servers and one open source implementation. I still have to sort out some issues with determining the governing structure rule at the client side (in case the DSA does not return operational attribute 'governingStructureRule').
OpenLDAP can do it, using a combination of ACLs and DIT Content Rules.
While this is a solution for enforcing DIT structure rules at server-side, a client cannot determine the rules and guide the user to do the right thing.
Ciao, Michael.