Kurt,
> > -----Original Message-----
> > From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
[...]
> > 2) I noticed a number of places where the only description
> > of an application restriction upon the element (e.g.,
> > pcelsIPHdrVersion) was in a comment field (e.g., DESC) in the
> > formal language (RFC2252) description of the element. These
> > restrictions should be stated in prose.
>
> The restrictions are fully documented by the information
> model (rfc3460). Are you suggesting that we should re-state
> their applicability to the LDAP Schema?
>
> >
> > 3) As application restrictions upon values are not enforced
> > by the directory, the specification should state how
> > applications are to behave if they find values in the
> > directory which, per the application restrictions, are
> > invalid. For instance, how are applications to deal with
> > negative pcelsPriority values?
>
> The last of the opening remarks for Section 5. (Note 5)
> indicates that:
> " if a constraint is violated, then the
> policy rule(s) /group(s) SHOULD be treated as being
> disabled, meaning
> that execution of the policy rule(s) /group(s) SHOULD be stopped."
> Do you find this insufficient?
Does the text below address the issues 2) and 3) (from your list)?
(candidate text for replacing Note 5 in section 5 of PCELS-04)
" Note 5: Some of the following attribute definitions MUST conform
to additional constraints on various data types (e.g. "Policy
priority. Valid values: any non-negative integer."). Just like
the attribute semantics, the definition of the value structures,
valid ranges, etc. is covered by [PCIM_EXT] for the corresponding
properties while in this document such constraints are only briefly
mentioned. In all cases, if a constraint is violated, the entry
SHOULD be treated as invalid and the policy rules or groups that
refer to it SHOULD be treated as being disabled, meaning that the
execution of such policy rules or groups SHOULD be stopped."
Thanks,
Mircea