From 810ff9ec9d8603ce198500e6f6b215d942f14ddd Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Thu, 8 Feb 2007 02:41:56 +0000 Subject: [PATCH] ITS#4835 add disclaimers about these definitions, use Auxiliary --- servers/slapd/schema/dyngroup.schema | 29 +++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/servers/slapd/schema/dyngroup.schema b/servers/slapd/schema/dyngroup.schema index 46a67fb7c8..5adb0a7441 100644 --- a/servers/slapd/schema/dyngroup.schema +++ b/servers/slapd/schema/dyngroup.schema @@ -14,12 +14,11 @@ ## . # # Dynamic Group schema (experimental), as defined by Netscape. See -# http://enterprise.netscape.com/docs/enterprise/60/admin/esusrgrp.htm#1019520 -# for details. +# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf +# page 70 for details on how these groups were used. # -# The above URL is no longer valid; an archive of old Netscape documentation -# is available here: -# http://www.redhat.com/docs/manuals/ent-server/ +# A description of the objectclass definition is available here: +# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745 # # depends upon: # core.schema @@ -27,7 +26,23 @@ # These definitions are considered experimental due to the lack of # a formal specification (e.g., RFC). # -# Not recommended for production use! Use with caution! +# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION! +# +# The Netscape documentation describes this as an auxiliary objectclass +# but their implementations have always defined it as a structural class. +# The sloppiness here is because Netscape-derived servers don't actually +# implement the X.500 data model, and they don't honor the distinction +# between structural and auxiliary classes. This fact is noted here: +# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636 +# +# In accordance with the actual usage in practice, we define it as an +# auxiliary class. +# +# Our definition of memberURL also does not match theirs but again +# their published definition and what works in practice do not agree. +# In other words, the Netscape definitions are broken and interoperability +# is not guaranteed. +# objectIdentifier NetscapeRoot 2.16.840.1.113730 @@ -42,7 +57,7 @@ attributetype ( NetscapeLDAPattributeType:198 objectClass ( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' - SUP top STRUCTURAL + SUP top AUXILIARY MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) ) -- 2.39.5