INTERNET-DRAFT                                    Kurt D. Zeilenga
Intended Category: Standard Track                 OpenLDAP Foundation
Expires in six months                             10 February 2005

LDAP Absolute True and False Filters
<draft-zeilenga-ldap-t-f-10.txt>

This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAP Extensions mailing list
<ldapext@ietf.org>. Please send editorial comments directly to the
author <Kurt@OpenLDAP.org>.

By submitting this Internet-Draft, I accept the provisions of Section
4 of RFC 3667. By submitting this Internet-Draft, I certify that any
applicable patent or other IPR claims of which I am aware have been
disclosed, or will be disclosed, and any of which I become aware will
be disclosed, in accordance with RFC 3668.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html

Copyright (C) The Internet Society (2005). All Rights Reserved.

Please see the Full Copyright section near the end of this document

Zeilenga LDAP True & False Filters [Page 1]

INTERNET-DRAFT draft-zeilenga-ldap-t-f-10.txt 10 February 2005

This document extends the Lightweight Directory Access Protocol (LDAP)
to support absolute True and False filters based upon similar
capabilities found in X.500 directory systems. The document also
extends the String Representation of LDAP Search Filters to support

The X.500 Directory Access Protocol (DAP) [X.511] supports absolute
True and False assertions. An 'and' filter with zero elements always
evaluates to True. An 'or' filter with zero elements always evaluates
to False. These filters are commonly used when requesting DSA-
specific Entries (DSEs) which do not necessarily have 'objectClass'
attributes. That is, where "(objectClass=*)" may evaluate to False.

While LDAPv2 [RFC1777][RFC3494] placed no restriction on the number of
elements in 'and' and 'or' filter sets, the LDAPv2 string
representation [RFC1960][RFC3494] could not represent empty 'and' and
'or' filter sets. Due to this, absolute True or False filters were
(unfortunately) eliminated from LDAPv3 [Roadmap].

This document extends LDAPv3 to support absolute True and False
assertions by allowing empty 'and' and 'or' in Search filters
[Protocol] and extends the filter string representation [Filters] to
allow empty filter lists.

It is noted that certain search operations, such as those used to
retrieve subschema information [Models], require use of particular
filters. This document does not change these requirements.

This feature is intended to allow a more direct mapping between DAP
and LDAP (as needed to implement DAP-to-LDAP gateways).

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].

2. Absolute True and False Filters

Implementations of this extension SHALL allow 'and' and 'or' choices
with zero filter elements.

An 'and' filter consisting of an empty set of filters SHALL evaluate
to True. This filter is represented by the string "(&)".

An 'or' filter consisting of an empty set of filters SHALL evaluate to
False. This filter is represented by the string "(|)".

Servers supporting this feature SHOULD publish the Object Identifier
1.3.6.1.4.1.4203.1.5.3 as a value of the 'supportedFeatures' [RFC3674]
attribute in the root DSE.

Clients supporting this feature SHOULD NOT use the feature unless they
have knowledge the server supports it.
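
Added example (not part of this draft or of any LDAP implementation): a small Python evaluator for a subset of the filter string representation, showing that "(&)" matches a DSE with no 'objectClass' while "(objectClass=*)" does not, plus the client-side feature check described above. The function names, the dictionary entry model, the 'supportedFeatures' dictionary key and the two-valued (True/False only) evaluation are assumptions made for illustration.

```python
TF_FILTERS_OID = "1.3.6.1.4.1.4203.1.5.3"  # OID given in this document
# Constructed sample entry (lower-cased attribute name -> list of values):
# a DSE-like entry with no 'objectClass' attribute.
SAMPLE_DSE = {"namingcontexts": ["dc=example,dc=com"]}

def _parse(s, i):
    """Parse one parenthesised filter at s[i]; return (node, next index)."""
    if s[i:i + 1] != "(" or i + 1 >= len(s):
        raise ValueError(f"expected filter at offset {i}")
    i += 1
    if s[i] in "&|":
        op, kids, i = s[i], [], i + 1
        while s[i:i + 1] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)      # the loop may run zero times: "(&)" / "(|)"
        node = (op, kids)
    elif s[i] == "!":
        kid, i = _parse(s, i + 1)
        node = ("!", kid)
    else:                         # simple item: attr=value or attr=* (presence)
        end = s.find(")", i)
        attr, sep, value = s[i:end].partition("=") if end >= 0 else ("", "", "")
        if not attr or not sep:
            raise ValueError(f"unsupported filter item at offset {i}")
        node, i = ("=", attr.lower(), value), end
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def parse_filter(s):
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing data after filter")
    return node

def evaluate(node, entry):
    if node[0] == "&":
        return all(evaluate(k, entry) for k in node[1])  # empty set -> True
    if node[0] == "|":
        return any(evaluate(k, entry) for k in node[1])  # empty set -> False
    if node[0] == "!":
        return not evaluate(node[1], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    return bool(values) if value == "*" else value in values

def match_all_filter(root_dse):
    """Return "(&)" only if the root DSE advertises the feature."""
    feats = root_dse.get("supportedFeatures", [])
    return "(&)" if TF_FILTERS_OID in feats else "(objectClass=*)"
```

Code that assembles 'and'/'or' filters from a variable-length list of terms can use the same check to see what an empty list turns into before the filter is sent.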

3. Security Considerations

The (re)introduction of absolute True and False filters is not
believed to raise any new security considerations.

Implementors of this (or any) LDAPv3 extension should be familiar with
general LDAPv3 security considerations [Roadmap].

4. IANA Considerations

Registration of this feature is requested [BCP64bis].

Subject: Request for LDAP Protocol Mechanism Registration
Object Identifier: 1.3.6.1.4.1.4203.1.5.3
Description: True/False filters
Person & email address to contact for further information:
Kurt Zeilenga <kurt@openldap.org>

Specification: RFC XXXX
Author/Change Controller: IESG

This OID was assigned [ASSIGN] by OpenLDAP Foundation, under its
IANA-assigned private enterprise allocation [PRIVATE], for use in this

[[Note to the RFC Editor: please replace the citation tags used in
referencing Internet-Drafts with tags of the form RFCnnnn where

6.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14 (also RFC 2119), March 1997.

[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in

[Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
draft-ietf-ldapbis-protocol-xx.txt, a work in progress.

[Models] Zeilenga, K. (editor), "LDAP: Directory Information
Models", draft-ietf-ldapbis-models-xx.txt, a work in

[Filters] Smith, M. (editor), LDAPbis WG, "LDAP: String
Representation of Search Filters",
draft-ietf-ldapbis-filter-xx.txt, a work in progress.

[Features] Zeilenga, K., "Feature Discovery in LDAP", RFC 3674,

6.2. Informative References

[RFC1777] Yeong, W., Howes, T., and S. Kille, "Lightweight
Directory Access Protocol", RFC 1777, March 1995.

[RFC1960] Howes, T., "A String Representation of LDAP Search
Filters", RFC 1960, June 1996.

[BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.

[RFC3494] Zeilenga, K., "Lightweight Directory Access Protocol
version 2 (LDAPv2) to Historic Status", RFC 3494, March

[X.500] International Telecommunication Union -
Telecommunication Standardization Sector, "The Directory
-- Overview of concepts, models and services,"
X.500(1993) (also ISO/IEC 9594-1:1994).

[X.501] International Telecommunication Union -
Telecommunication Standardization Sector, "The Directory
-- Models," X.501(1993) (also ISO/IEC 9594-2:1994).

[X.511] International Telecommunication Union -
Telecommunication Standardization Sector, "The
Directory: Abstract Service Definition", X.511(1993)
(also ISO/IEC 9594-3:1993).

[ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations",
http://www.openldap.org/foundation/oid-delegate.txt.

[PRIVATE] IANA, "Private Enterprise Numbers",
http://www.iana.org/assignments/enterprise-numbers.

Intellectual Property Rights

The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be found
in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this specification
can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at

Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.