On Feb 14, 2012, at 5:03 AM, Emmanuel Lécharny wrote: > Le 2/14/12 1:19 PM, Michael Ströder a écrit : >> Emmanuel Lécharny wrote: >>> In Apache Directory Studio and >>> the Java LDAP API, it's a bit more annoying, as we try to load the full >>> schema >>> from the server to locally check that values are correct before sending them >>> back to the server. We have a mechanism to 'bypass' the missing syntaxes, of >>> course, but I think that from a completness POV, it would be better if >>> OpenLDAP add those missing syntaxes... >> >> As a developer of a generic, schema-aware LDAPv3 client you should prepared >> to deal with incomplete/false subschema. Otherwise your client will joke >> very often. > We *are* ready to handle such schemas. M$ AD is most certainly the worst use > case around. The question is more about OpenLDAP compliance
Compliance? RFC 4512: Clients SHOULD NOT assume that a published subschema is complete, that the server supports all of the schema elements it publishes, or that the server does not support an unpublished element. > : does those missing Syntaxes deserve an ITS or not. Generally speaking, if it's missing, it's missing for a reason... generally that reason is the syntax is not implemented, or implemented to the degree needed to one to have a userApplications attribute using that syntax. This can be viewed as a signal to the client application that listed attributes of that syntax cannot be stored/modified in the subtree of the subschema controls. -- Kurt > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com >
