Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

Section

Column

width	70%

Here's a slightly modified example DIT used in RFC 3296. We'll also use this to elaborate on the behavior of operations based on the different scenarios outlined in 3296.

Info

title	Legend

Green nodes are actual entries. Red nodes are referrals.

Finding target in non-search operations

The handling for add, compare, delete, modify and modify DN operations to the target entry operated on is the same. The RFC gets a bit confusing when describing different scenarios and it's examples are lacking. They could have picked referrals where the DN is not the same as the reference to better demonstrate what they exactly meant. Regardless there seems to be 4 cases worth considering (wether the added entry is a referral or not is irrelevant) :

target is present, and has no ancestor which is a referral
target is present, and has an ancestor which is a referral
target is not present, and no ancestor is a referral
target is not present, but an ancestor is a referral

We have to combine those 4 cases with the fact that the ManageDSAIT control is used or not.

Column

width	30%

Code Block

title	OU=People,O=MNN,C=WW

ou: People
ref: ldap://hostb/OU=People,DC=example,DC=com
ref: ldap://hostc/OU=People,O=MNN,C=WW
objectClass: referral
objectClass: extensibleObject

Code Block

title	OU=Roles,O=MNN,C=WW

ou: Roles
ref: ldap://hostd/ou=Roles,dc=apache,dc=org
objectClass: referral
objectClass: extensibleObject

Note
We can't have a combinaison of an existing entry in the server with it having some ancestor which is a referral.

Add Operation handling

target exists	has an ancestor	ManageDsaIT present	JNDI/protocol handling	Description
no	no	no	JNDI	Adds the entry. If it's a referral, updates the ReferralManager
			protocol	Adds the entry. If it's a referral, updates the ReferralManager
		yes	JNDI	Adds the entry. If it's a referral, updates the ReferralManager
			protocol	Adds the entry. If it's a referral, updatse the ReferralManager
	yes	no	JNDI	Returns a Referral LdapResult, with the ancestor's URLs
			protocol	Returns a Referral LdapResult, with the ancestor's URLs
		yes	JNDI	Returns an UnwillingToPerform error a Referral LdapResult, with the ancestor's URLs
			protocol	Returns an UnwillingToPerform error a Referral LdapResult, with the ancestor's URLs
yes	no	no	JNDI Adds the entry, no specific treatment.	Returns an entryAlreadyExists error
			protocol Adds the entry, no specific treatment.	Returns an entryAlreadyExists error
		yes	JNDI Adds the entry, no specific treatment.	Returns an entryAlreadyExists error
			protocol Adds the entry, no specific treatment	Returns an entryAlreadyExists error

An entry cannot exist and have an ancestor.

Compare Operation handling

target exists	has an ancestor	ManageDsaIT present	JNDI/protocol handling	Description
no	no	no	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
		yes	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
	yes	no	JNDI	Returns a Referral LdapResult, with the ancestor's URLs
			protocol	Returns a Referral LdapResult, with the ancestor's URLs
		yes	JNDI	Returns an UnwillingToPerform error
			protocol	Returns an UnwillingToPerform error
yes	no	no	JNDI	Compares the object and returns the result
			protocol	Compares the object and returns the result
		yes	JNDI	Compares the object and returns the result
			protocol	Compares the object and returns the result

An entry cannot exist and have an ancestor.

Delete Operation handling

target exists	has an ancestor	ManageDsaIT present	JNDI/protocol handling	Description
no	no	no	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
		yes	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
	yes	no	JNDI	Returns a Referral LdapResult, with the ancestor's URLs
			protocol	Returns a Referral LdapResult, with the ancestor's URLs
		yes	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
yes	no	no	JNDI	Deletes the object
			protocol	Deletes the object
		yes	JNDI	Deletes the object
			protocol	Deletes the object

An entry cannot exist and have an ancestor.

Modify Operation handling

target exists	has an ancestor	ManageDsaIT present	JNDI/protocol handling	Description
no	no	no	JNDI
			protocol
		yes	JNDI
			protocol
	yes	no	JNDI
			protocol
		yes	JNDI
			protocol
yes	no	no	JNDI
			protocol
		yes	JNDI
			protocol

An entry cannot exist and have an ancestor.

ModifyDN Operation handling

target exists	has an ancestor	ManageDsaIT present	JNDI/protocol handling	Description
no	no	no	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
		yes	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
	yes	no	JNDI	Returns a Referral LdapResult, with the ancestor's URLs
			protocol	Returns a Referral LdapResult, with the ancestor's URLs
		yes	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
yes	no	no	JNDI	Deletes the object
			protocol	Deletes the object
		yes	JNDI	Deletes the object
			protocol	Deletes the object

An entry cannot exist and have an ancestor.

Search Operation handling

target exists	has an ancestor	ManageDsaIT present	JNDI/protocol handling	Description
no	no	no	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
		yes	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
	yes	no	JNDI	Returns a Referral LdapResult, with the ancestor's URLs
			protocol	Returns a Referral LdapResult, with the ancestor's URLs
		yes	JNDI	Returns a NoSuchObject result
			protocol	Returns a NoSuchObject result
yes	no	no	JNDI	Deletes the object
			protocol	Deletes the object
		yes	JNDI	Deletes the object
			protocol	Deletes the object

An entry cannot exist and have an ancestor.

case #1: Target is not a referral, has no ancestor which is a referraThe presence of the ManageDsaIT control is irrelevent.
JNDI handlingAs the entry is not a referral, whatever value is set to the Context.REFERRAL property, the response will be the same : the server simply returns the entry if it existsMINA provider handling

...