INTERNET-DRAFT                                           Kurt D. Zeilenga
Intended Category: Standard Track                     OpenLDAP Foundation
Expires in six months                                         17 May 2002

LDAP True/False Filters
<draft-zeilenga-ldap-t-f-02.txt>

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAP Extensions Working Group
mailing list <ietf-ldapext@netscape.com>. Please send editorial
comments directly to the author <Kurt@OpenLDAP.org>.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''

The list of current Internet-Drafts can be accessed at
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.

Copyright 2002, The Internet Society. All Rights Reserved.

Please see the Copyright section near the end of this document for

This document extends the Lightweight Directory Access Protocol (LDAP)
to support absolute True and False filters based upon similar
capabilities found in X.500 directory systems. The document also
extends the String Representation of LDAP Search Filters to support

Zeilenga                  LDAP True/False Filters                [Page 1]

INTERNET-DRAFT      draft-zeilenga-ldap-t-f-02.txt           17 May 2002

1. Background and Intended Use

The X.500 Directory Access Protocol (DAP) [X.511] supports absolute
True and False assertions. An 'and' filter with zero elements always
evaluates to True. An 'or' filter with zero elements always evaluates
to False. These filters are commonly used when requesting DSA-
specific Entries (DSEs) which do not necessarily have objectClass
attributes. That is, where "(objectClass=*)" may evaluate to False.

While LDAPv2 [RFC1777] placed no restriction on the number of elements
in 'and' and 'or' filter sets, the LDAPv2 string representation
[RFC1960] could not represent empty 'and' and 'or' filter sets. Due
to this, LDAPv3 [RFC2251] required 'and' and 'or' filter sets to have
at least one element. Hence, LDAPv3 does not provide absolute True or

This document extends LDAPv3 [RFC2251] to support absolute True and
False matches by allowing empty 'and' and 'or' and extends the filter
string representation [RFC2254] to allow empty filter lists.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].

2. Absolute True and False Filters

Implementations of this extension SHALL allow 'and' and 'or' choices
with zero filter elements.

An 'and' Filter consisting of an empty set of filters SHALL evaluate
to True. This filter is to be represented by the string "(&)".

An 'or' Filter consisting of an empty set of filters SHALL evaluate to
False. This filter is to be represented by the string "(|)".

Servers supporting this feature SHOULD publish the Object Identifier
1.3.6.1.4.1.4203.1.5.3 as a value of the supportedFeatures [FEATURES]
attribute in the root DSE.

Clients supporting this feature SHOULD NOT use the feature unless they
have knowledge the server supports it.
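
The evaluation and discovery rules of this section, as an added example
that is not part of the draft: a small Python evaluator for a subset of
the filter string grammar (and, or, not, equality, presence) that accepts
empty filter lists, plus a client-side check of supportedFeatures.
Function names and the sample entry are assumptions made for
illustration; matching is simplified to two values (LDAP's Undefined
result is not modelled) and entry keys are expected in lower case.

```python
T_F_OID = "1.3.6.1.4.1.4203.1.5.3"   # feature OID given in the draft
DSE = {"cn": ["subschema"]}          # constructed entry with no objectClass

def parse(s, i=0):
    """Parse one filter at s[i]; return (node, next_index)."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = s[i + 1:i + 2]
    if op in ("&", "|"):
        kids, i = [], i + 2
        while s[i:i + 1] == "(":      # zero iterations: "(&)" or "(|)"
            kid, i = parse(s, i)
            kids.append(kid)
        node = (op, kids)
    elif op == "!":
        kid, i = parse(s, i + 2)
        node = ("!", kid)
    else:                             # simple item: attr=value or attr=*
        end = s.index(")", i)
        attr, sep, value = s[i + 1:end].partition("=")
        if not attr or sep != "=":
            raise ValueError(f"malformed item at offset {i}")
        node, i = ("=", attr.lower(), value), end
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    """Evaluate a parsed filter against entry (dict: attr -> list of values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])   # empty set: True
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])   # empty set: False
    if node[0] == "!":
        return not matches(node[1], entry)
    values = entry.get(node[1], [])
    return bool(values) if node[2] == "*" else node[2] in values

def evaluate(filter_str, entry):
    node, end = parse(filter_str)
    if end != len(filter_str):
        raise ValueError("trailing data after filter")
    return matches(node, entry)

def match_all_filter(supported_features):
    """Client side: send "(&)" only if the root DSE advertised the feature."""
    if T_F_OID in supported_features:
        return "(&)"
    return "(objectClass=*)"          # fallback; may miss DSEs, see Section 1
```
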

3. Security Considerations

The (re)introduction of absolute True and False filters does not raise
any new security considerations.

Implementors of this (or any) LDAP extension should be familiar with
general LDAP security considerations [LDAPTS].

4. IANA Considerations

No IANA assignments are requested.

This document uses the OID 1.3.6.1.4.1.4203.1.5.3 to identify the
feature described above. This OID was assigned [ASSIGN] by OpenLDAP
Foundation under its IANA assigned private enterprise allocation
[PRIVATE] for use in this specification.

6. Normative References

[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14 (also RFC 2119), March 1997.

[RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
Protocol (v3)", RFC 2251, December 1997.

[RFC2254] T. Howes, "A String Representation of LDAP Search Filters",
RFC 2254, December 1997.

[LDAPTS] J. Hodges, R. Morgan, "Lightweight Directory Access
Protocol (v3): Technical Specification",
draft-ietf-ldapbis-ldapv3-ts-xx.txt (a work in progress).

[FEATURES] K. Zeilenga, "Feature Discovery in LDAP",
draft-zeilenga-ldap-features-xx.txt (a work in progress).

7. Informative References

[RFC1777] Yeong, W., Howes, T., and S. Kille, "Lightweight Directory
Access Protocol", RFC 1777, March 1995.

[RFC1960] T. Howes, "A String Representation of LDAP Search Filters",

[X.500] ITU-T Rec. X.500, "The Directory: Overview of Concepts,
Models and Service", 1993.

[X.511] ITU-T Rec. X.511, "The Directory: Abstract Service

[ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations",
http://www.openldap.org/foundation/oid-delegate.txt.

[PRIVATE] IANA, "Private Enterprise Numbers",
http://www.iana.org/assignments/enterprise-numbers.

Copyright 2002, The Internet Society. All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be followed,
or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.