2 draft-ietf-ldup-subentry-01.txt
10 1. Status of this Memo
12 This document is an Internet-Draft and is in full conformance with all
13 provisions of Section 10 of RFC2026.
15 Internet-Drafts are working documents of the Internet Engineering Task
16 Force (IETF), its areas, and its working groups. Note that other
17 groups may also distribute working documents as Internet-Drafts.
19 Internet-Drafts are draft documents valid for a maximum of six months
20 and may be updated, replaced, or obsoleted by other documents at any
21 time. It is inappropriate to use Internet-Drafts as reference material
22 or to cite them other than as "work in progress."
24 The list of current Internet-Drafts can be accessed at
25 http://www.ietf.org/ietf/1id-abstracts.txt.
27 The list of Internet-Draft Shadow Directories can be accessed at
28 http://www.ietf.org/shadow.html.
30 This Internet-Draft expires on February 29, 1999.
35 This document describes an object class called ldapSubEntry which MAY
36 be used to indicate operations and management related entries in the
37 directory, called LDAP Subentries. This version of this document is
38 updated with an assigned OID for the ldapSubEntry object class.
40 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
41 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
42 document are to be interpreted as described in RFC 2119 [RFC2119]. The
43 sections below reiterate these definitions and include some additional
52 Expires February 29, 2000
\f
55 INTERNET-DRAFT 29 August 1999
61 3.1 ldapSubEntry Class
63 ( 2.16.840.1.113719.2.142.6.1.1 NAME 'ldapSubEntry'
64 DESC 'LDAP Subentry class, version 1'
68 The class ldapSubEntry is intended to be used as a super class when
69 defining other structural classes to be used as LDAP Subentries. The
70 presence of ldapSubEntry in the list of super-classes of an entry in
71 the directory makes that entry an LDAP Subentry. Object classes
72 derived from ldapSubEntry are themselves considered ldapSubEntry
73 classes, for the purpose of this discussion.
75 LDAP Subentries MAY be named by their commonName attribute [LDAPv3].
76 Other naming attributes are also permitted.
78 LDAP Subentries MAY be containers, unlike their [X.501] counterparts.
80 LDAP Subentries MAY be contained by, and will usually be located in
81 the directory information tree immediately subordinate to,
82 administrative points and/or naming contexts [LDUPINFO]. Further
83 (unlike X.500 subentries), LDAP Subentries MAY be contained by other
84 LDAP Subentries (the way organizational units may be contained by
85 other organizational units). Deep nestings of LDAP Subentries are
86 discouraged, but not prohibited.
88 LDAP Subentries SHOULD be treated as "operational objects" in much the
89 same way that "operational attributes" are not regularly provided in
90 search results and read operations when only user attributes are
93 LDAP servers SHOULD implement the following special handling of
96 a) search operations which include a matching criteria
97 "objectclass=ldapSubEntry" MUST include entries derived from the
98 ldapSubEntry class in the scope of their operations;
100 b) search operations which do not include a matching criteria
101 "objectclass=ldapSubEntry" MUST IGNORE entries derived from the
102 ldapSubEntry class, and exclude them from the scope of their
108 Expires February 29, 2000
\f
111 INTERNET-DRAFT 29 August 1999
114 The combination of SHOULD and MUST in the special handling
115 instructions, above, are meant to convey this: Servers SHOULD support
116 this special handling, and if they do they MUST do it as described,
117 and not some other way.
121 4. Security Considerations
123 LDAP Subentries will frequently be used to hold data which reflects
124 either the actual or intended behavior of the directory service. As
125 such, permission to read such entries MAY need to be restricted to
126 authorized users. More importantly, IF a directory service treats the
127 information in an LDAP Subentry as the authoritative source of policy
128 to be used to control the behavior of the directory, then permission
129 to create, modify, or delete such entries MUST be carefully restricted
130 to authorized administrators.
136 [LDUPINFO] _ E. Reed, "LDUP Replication Information Model", draft-
137 ietf-ldup-infomod-01.txt
139 [LDAPv3] S. Kille, M. Wahl, and T. Howes, "Lightweight Directory
140 Access Protocol (v3)", RFC 2251, December 1997
142 [X.501] ITU-T Rec. X.501, "The Directory: Models", 1993
148 Copyright (C) The Internet Society (1999). All Rights Reserved.
150 This document and translations of it may be copied and furnished to
151 others, and derivative works that comment on or otherwise explain it
152 or assist in its implementation may be prepared, copied, published and
153 distributed, in whole or in part, without restriction of any kind,
154 provided that the above copyright notice and this paragraph are
155 included on all such copies and derivative works. However, this
156 document itself may not be modified in any way, such as by removing
157 the copyright notice or references to the Internet Society or other
158 Internet organizations, except as needed for the purpose of developing
159 Internet standards in which case the procedures for copyrights defined
160 in the Internet Standards process must be followed, or as required to
161 translate it into languages other than English.
164 Expires February 29, 2000
\f
167 INTERNET-DRAFT 29 August 1999
171 The limited permissions granted above are perpetual and will not be
172 revoked by the Internet Society or its successors or assigns.
174 This document and the information contained herein is provided on an
175 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
176 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
177 NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
178 WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
179 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
184 The use of subEntry object class to store Replica and Replication
185 Agreement information is due primarily to the lucid explanation by
186 Mark Wahl, Innosoft, of how they could be used and extended.
188 The IETF takes no position regarding the validity or scope of any
189 intellectual property or other rights that might be claimed to pertain
190 to the implementation or use of the technology described in this
191 document or the extent to which any license under such rights might or
192 might not be available; neither does it represent that it has made any
193 effort to identify any such rights. Information on the IETF's
194 procedures with respect to rights in standards-track and standards-
195 related documentation can be found in BCP-11. Copies of claims of
196 rights made available for publication and any assurances of licenses
197 to be made available, or the result of an attempt made to obtain a
198 general license or permission for the use of such proprietary rights
199 by implementors or users of this specification can be obtained from
200 the IETF Secretariat.
202 The IETF invites any interested party to bring to its attention any
203 copyrights, patents or patent applications, or other proprietary
204 rights which may cover technology that may be required to practice
205 this standard. Please address the information to the IETF Executive
216 E-mail: Ed_Reed@Novell.com
220 Expires February 29, 2000
\f
223 INTERNET-DRAFT 29 August 1999
226 LDUP Mailing List: ietf-ldup@imc.org
276 Expires February 29, 2000
\f