2 Network Working Group J;. Sermersheim
3 Internet-Draft Novell, Inc
4 Updates: 2251 (if approved) July 2004
5 Expires: December 30, 2004
8 Subordinate Subtree Search Scope for LDAP
9 draft-sermersheim-ldap-subordinate-scope-00.txt
13 This document is an Internet-Draft and is subject to all provisions
14 of section 3 of RFC 3667. By submitting this Internet-Draft, each
15 author represents that any applicable patent or other IPR claims of
16 which he or she is aware have been or will be disclosed, and any of
17 which he or she become aware will be disclosed, in accordance with
20 Internet-Drafts are working documents of the Internet Engineering
21 Task Force (IETF), its areas, and its working groups. Note that
22 other groups may also distribute working documents as
25 Internet-Drafts are draft documents valid for a maximum of six months
26 and may be updated, replaced, or obsoleted by other documents at any
27 time. It is inappropriate to use Internet-Drafts as reference
28 material or to cite them other than as "work in progress."
30 The list of current Internet-Drafts can be accessed at
31 http://www.ietf.org/ietf/1id-abstracts.txt.
33 The list of Internet-Draft Shadow Directories can be accessed at
34 http://www.ietf.org/shadow.html.
36 This Internet-Draft will expire on December 30, 2004.
40 Copyright (C) The Internet Society (2004).
44 The Lightweight Directory Application Protocol (LDAP) specification
45 supports three scope values for the search operation -- namely:
46 baseObject, singleLevel, and wholeSubtree. This document introduces
47 a subordinateSubtree scope which constrains the search scope to all
48 subordinates of the named base object.
54 Sermersheim Expires December 30, 2004 [Page 1]
56 Internet-Draft Subordinate Subtree Search Scope for LDAP July 2004
59 Technical discussion of this document will take place on the IETF
60 LDAP Extensions mailing list <ldapext@ietf.org>. Please send
61 editorial comments directly to the author.
65 There are a number of reasons which have surfaced for introducing a
66 Lightweight Directory Application Protocol (LDAP) [RFC3377]
67 SearchRequest.scope [RFC2251] which constrains the search scope to
68 all subordinates of the named base object, and does not include the
69 base object (as wholeSubtree does). These reasons range from the
70 obvious utility of allowing an LDAP client application the ability to
71 exclude the base object from a wholeSubtree search scope, to
72 distributed operation applications which require this scope for
73 progressing search sub-operations resulting from an nssr DSE type
76 To meet these needs, the subordinateSubtree scope value is
79 The subordinateSubtrees cope is applied to the SearchRequest.scope
80 field, the <scope> type and alternately the <extension> type of the
81 LDAP URL [RFC2255] and may be applied to other specifications which
82 include an LDAP search scope. A mechanism is also given which allows
83 LDAP Directory Server Agents (DSA)s to advertise support of this
86 2. Application to SearchRequest.scope
88 A new item is added to this ENUMERATED type. The identifier is
89 subordinateSubtree and the number is 4.
91 A DSA which receives and supports the subordinateSubtree
92 SearchRequest.scope constrains the search scope to all subordinate
95 A DSA which receives but does not support the subordinateSubtree
96 SearchRequest.scope returns a protocolError resultCode in the
99 3. LDAP URL applications
101 The LDAP URL [RFC2255] specification allows the conveyance of a
102 search scope. This section intoduces two ways in which the
103 subordinateScope search scope may be conveyed in an LDAP URL. One
104 way is by allowing a new "subord" scope in the <scope> part. Another
105 way is through the introduction of an LDAP URL extension. The LDAP
106 URL extension method is preferred for its criticality semantics.
110 Sermersheim Expires December 30, 2004 [Page 2]
112 Internet-Draft Subordinate Subtree Search Scope for LDAP July 2004
115 3.1 Application to LDAP URL <scope>
117 A new <scope> value of "subord" is added. Using the <scope> type
118 from LDAP URL [RFC2255], the ABNF is as follows:
122 Implementations processing but which do not understand or support the
123 "subord" <scope> of an LDAP URL raise an appropriate error.
125 3.2 Application to LDAP URL <extension>
127 An LDAP URL <extension> mechanism is introduced here. The <extype>
128 is IANA-ASSIGNED-OID.1 or the descriptor 'subordScope', and the
129 exvalue is omitted. The extension may be marked as either critical
132 If supported, the subordScope extension overrides any value set in
135 4. DSA Advertisement of support
137 A DSA may advertise its support of the subordinateSubtree item in the
138 SearchRequest.scope by inclusion of IANA-ASSIGNED-OID.2 in the
139 'supportedFeatures' attribute of the root DSE.
141 5. Security Considerations
143 This specification introduces no security concerns above any
144 associated with the existing wholeSubtree search scope value.
146 As with the wholeSubtree search scope, this scope specifies that a
147 search be applied to an entire subtree hierarchy. Implementations
148 should be aware of the relative cost of using or allowing this scope.
150 6 Normative References
152 [RFC2251] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
153 Access Protocol (v3)", RFC 2251, December 1997.
155 [RFC2255] Howes, T. and M. Smith, "The LDAP URL Format", RFC 2255,
158 [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
159 Protocol (v3): Technical Specification", RFC 3377,
162 [RFC3383] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
166 Sermersheim Expires December 30, 2004 [Page 3]
168 Internet-Draft Subordinate Subtree Search Scope for LDAP July 2004
171 Considerations for the Lightweight Directory Access
172 Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
179 1800 South Novell Place
183 Phone: +1 801 861-3088
184 EMail: jimse@novell.com
186 Appendix A. IANA Considerations
188 Registration of the following values is requested [RFC3383].
190 A.1 LDAP Object Identifier Registrations
192 It is requested that IANA register upon Standards Action an LDAP
193 Object Identifier in identifying the protocol elements defined in
194 this technical specification. The following registration template is
197 Subject: Request for LDAP OID Registration
198 Person & email address to contact for further information:
201 Specification: RFCXXXX
202 Author/Change Controller: IESG
204 2 delegations will be made under the assigned OID:
205 IANA-ASSIGNED-OID.1 subordScope LDAP URL extension
206 IANA-ASSIGNED-OID.2 subordinateScope Supported Feature
208 A.2 LDAP Protocol Mechanism Registrations
210 It is requested that IANA register upon Standards Action the LDAP
211 protocol mechanism described in this document. The following
212 registration templates are given:
214 Subject: Request for LDAP Protocol Mechanism Registration
215 Object Identifier: IANA-ASSIGNED-OID.1
216 Description: subordScope LDAP URL extension
217 Person & email address to contact for further information:
222 Sermersheim Expires December 30, 2004 [Page 4]
224 Internet-Draft Subordinate Subtree Search Scope for LDAP July 2004
230 Specification: RFCXXXX
231 Author/Change Controller: IESG
234 A.3 LDAP Descriptor Registrations
236 It is requested that IANA register upon Standards Action the LDAP
237 descriptors described in this document. The following registration
240 Subject: Request for LDAP Descriptor Registration
241 Descriptor (short name): subordScope
242 Object Identifier: IANA-ASSIGNED-OID.1
243 Person & email address to contact for further information:
247 Specification: RFCXXXX
248 Author/Change Controller: IESG
278 Sermersheim Expires December 30, 2004 [Page 5]
280 Internet-Draft Subordinate Subtree Search Scope for LDAP July 2004
283 Intellectual Property Statement
285 The IETF takes no position regarding the validity or scope of any
286 Intellectual Property Rights or other rights that might be claimed to
287 pertain to the implementation or use of the technology described in
288 this document or the extent to which any license under such rights
289 might or might not be available; nor does it represent that it has
290 made any independent effort to identify any such rights. Information
291 on the procedures with respect to rights in RFC documents can be
292 found in BCP 78 and BCP 79.
294 Copies of IPR disclosures made to the IETF Secretariat and any
295 assurances of licenses to be made available, or the result of an
296 attempt made to obtain a general license or permission for the use of
297 such proprietary rights by implementers or users of this
298 specification can be obtained from the IETF on-line IPR repository at
299 http://www.ietf.org/ipr.
301 The IETF invites any interested party to bring to its attention any
302 copyrights, patents or patent applications, or other proprietary
303 rights that may cover technology that may be required to implement
304 this standard. Please address the information to the IETF at
308 Disclaimer of Validity
310 This document and the information contained herein are provided on an
311 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
312 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
313 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
314 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
315 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
316 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
321 Copyright (C) The Internet Society (2004). This document is subject
322 to the rights, licenses and restrictions contained in BCP 78, and
323 except as set forth therein, the authors retain all their rights.
328 Funding for the RFC Editor function is currently provided by the
334 Sermersheim Expires December 30, 2004 [Page 6]
projects / openldap / blob