[tpop3d-discuss] Re: LDAP search scope (was: tpop3d v1.4.1pre4)

Prune prune at lecentre.net
Mon, 25 Feb 2002 17:28:06 +0100


Chris Lightfoot wrote:

>On Mon, Feb 25, 2002 at 05:14:24PM +0100, Prune wrote:
>    [...]
>
>>the scope is 2 (sub).
>>
>
>Is this a useful thing to be able to configure?
>
no,

the scope is the way to tell LDAP to search at the level specified in 
the DN, or one level under, or all levels under.
Example:

               ou=us
                 |
                 |
       +---------+----------+
    ou=foo               ou=bar
       |                    |
                  +---------+--------+
              uid=john            uid=ben


If you specify as base DN:    dn: ou=us

a search of scope 0 will return nothing, as you only have ou=us in this 
scope
a scope of 1 will return ou=foo or ou=bar
a scope of 2 will return ou=foo, ou=bar, uid=john and uid=ben

Normally, depending on your schema, you define the base DN as far as 
possible. If you only want to authenticate users in ou=bar, that gives: 
ou=bar,ou=us
there will be no difference between scope 1 or 2.

If you define something below uid=xxx, then you may need to change the 
scope.... but I don't think this is used in LDAP design.

Prune
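
Added example (not part of the original message and not tpop3d code): a small Python model of the three search scopes over the tree sketched above, showing which uid entries a user lookup can reach for a given base DN and scope. It assumes uid=john and uid=ben both sit under ou=bar; the DNs and function names are constructed for illustration.

```python
# Added example: models LDAP search scopes over the tree from the message.
# Assumption: uid=john and uid=ben both sit under ou=bar.
SCOPE_BASE, SCOPE_ONE, SCOPE_SUB = 0, 1, 2

# Constructed directory contents (DNs only).
ENTRIES = [
    "ou=us",
    "ou=foo,ou=us",
    "ou=bar,ou=us",
    "uid=john,ou=bar,ou=us",
    "uid=ben,ou=bar,ou=us",
]

def rdns(dn):
    """Split a DN into normalised RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, base, scope):
    """True if dn falls inside the given scope relative to base."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False              # dn is not at or below the base
    depth = len(d) - len(b)       # 0 means the base entry itself
    if scope == SCOPE_BASE:
        return depth == 0         # only the base entry
    if scope == SCOPE_ONE:
        return depth == 1         # immediate children only
    if scope == SCOPE_SUB:
        return True               # base entry and everything below it
    raise ValueError("unknown scope: %r" % (scope,))

def find_users(base, scope, entries=ENTRIES):
    """Entries in scope whose leftmost RDN is a uid, like a (uid=*) filter."""
    return [dn for dn in entries
            if in_scope(dn, base, scope) and rdns(dn)[0].startswith("uid=")]

if __name__ == "__main__":
    for base in ("ou=us", "ou=bar,ou=us", "ou=foo,ou=us"):
        for scope in (SCOPE_BASE, SCOPE_ONE, SCOPE_SUB):
            print("base=%-13s scope=%d -> %s" % (base, scope, find_users(base, scope)))
```

For an authentication lookup, the narrowest base DN and scope that still reach the intended accounts keep entries in other branches out of the candidate set.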
