7 INTERNET-DRAFT Kurt D. Zeilenga
8 Intended Category: Standard Track OpenLDAP Foundation
9 Expires in six months 3 May 2003
13 LDAP Absolute True and False Filters
14 <draft-zeilenga-ldap-t-f-05.txt>
19 This document is an Internet-Draft and is in full conformance with all
20 provisions of Section 10 of RFC2026.
22 This document is intended to be, after appropriate review and
23 revision, submitted to the RFC Editor as a Standard Track document.
24 Distribution of this memo is unlimited. Technical discussion of this
25 document will take place on the IETF LDAP Extensions Working Group
26 mailing list <ldapext@ietf.org>. Please send editorial comments
27 directly to the author <Kurt@OpenLDAP.org>.
29 Internet-Drafts are working documents of the Internet Engineering Task
30 Force (IETF), its areas, and its working groups. Note that other
31 groups may also distribute working documents as Internet-Drafts.
32 Internet-Drafts are draft documents valid for a maximum of six months
33 and may be updated, replaced, or obsoleted by other documents at any
34 time. It is inappropriate to use Internet-Drafts as reference
35 material or to cite them other than as ``work in progress.''
37 The list of current Internet-Drafts can be accessed at
38 <http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
39 Internet-Draft Shadow Directories can be accessed at
40 <http://www.ietf.org/shadow.html>.
42 Copyright 2003, The Internet Society. All Rights Reserved.
44 Please see the Copyright section near the end of this document for
50 This document extends the Lightweight Directory Access Protocol (LDAP)
51 to support absolute True and False filters based upon similar
52 capabilities found in X.500 directory systems. The document also
53 extends the String Representation of LDAP Search Filters to support
58 Zeilenga LDAP True & False Filters [Page 1]
60 INTERNET-DRAFT draft-zeilenga-ldap-t-f-05.txt 3 May 2003
63 1. Background and Intended Use
65 The X.500 Directory Access Protocol (DAP) [X.511] supports absolute
66 True and False assertions. An 'and' filter with zero elements always
67 evaluates to True. An 'or' filter with zero elements always evaluates
68 to False. These filters are commonly used when requesting DSA-
69 specific Entries (DSEs) which do not necessarily have 'objectClass'
70 attributes. That is, where "(objectClass=*)" may evaluate to False.
72 While LDAPv2 [RFC1777] placed no restriction on the number of elements
73 in 'and' and 'or' filter sets, the LDAPv2 string representation
74 [RFC1960] could not represent empty 'and' and 'or' filter sets. Due
75 to this, absolute True or False filters were (unfortunately)
76 eliminated from LDAPv3 [RFC3377].
78 This documents extends LDAPv3 to support absolute True and False
79 matches by allowing empty 'and' and 'or' in Search filters [RFC2251]
80 and extends the filter string representation [RFC2254] to allow empty
83 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
84 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
85 document are to be interpreted as described in BCP 14 [RFC2119].
88 2. Absolute True and False Filters
90 Implementations of this extension SHALL allow 'and' and 'or' choices
91 with zero filter elements.
93 An 'and' filter consisting of an empty set of filters SHALL evaluate
94 to True. This filter is represented by the string "(&)".
96 An 'or' filter consisting of an empty set of filters SHALL evaluate to
97 False. This filter is represented by the string "(|)".
99 Servers supporting this feature SHOULD publish the Object Identifier
100 1.3.6.1.4.1.4203.1.5.3 as a value of the supportedFeatures [FEATURES]
101 attribute in the root DSE.
103 Clients supporting this feature SHOULD NOT use the feature unless they
104 have knowledge the server supports it.
107 3. Security Considerations
109 The (re)introduction of absolute True and False filters is not
110 believed to raise any new security considerations.
114 Zeilenga LDAP True & False Filters [Page 2]
116 INTERNET-DRAFT draft-zeilenga-ldap-t-f-05.txt 3 May 2003
119 Implementors of this (or any) LDAPv3 extension should be familiar with
120 general LDAPv3 security considerations [RFC3377].
123 4. IANA Considerations
125 The OID 1.3.6.1.4.1.4203.1.5.3 identifies the feature described above.
126 This OID was assigned [ASSIGN] by OpenLDAP Foundation, under its
127 IANA-assigned private enterprise allocation [PRIVATE], for use in this
130 Registration of this feature is requested [FEATURES][RFC3383].
132 Subject: Request for LDAP Protocol Mechanism Registration
133 Object Identifier: 1.3.6.1.4.1.4203.1.5.3
134 Description: T/F Filters
135 Person & email address to contact for further information:
136 Kurt Zeilenga <kurt@openldap.org>
138 Specification: RFCxxxx
139 Author/Change Controller: IESG
150 6. Normative References
152 [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
153 Requirement Levels", BCP 14 (also RFC 2119), March 1997.
155 [RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
156 Protocol (v3)", RFC 2251, December 1997.
158 [RFC2254] T. Howes, "A String Representation of LDAP Search Filters",
159 RFC 2254, December 1997.
161 [RFC3377] J. Hodges, R. Morgan, "Lightweight Directory Access
162 Protocol (v3): Technical Specification", RFC 3377,
165 [FEATURES] K. Zeilenga, "Feature Discovery in LDAP",
166 draft-zeilenga-ldap-features-xx.txt (a work in progress).
170 Zeilenga LDAP True & False Filters [Page 3]
172 INTERNET-DRAFT draft-zeilenga-ldap-t-f-05.txt 3 May 2003
175 7. Informative References
177 [RFC1777] Yeong, W., Howes, T., and S. Kille, "Lightweight Directory
178 Access Protocol", RFC 1777, March 1995.
180 [RFC1960] T. Howes, "A String Representation of LDAP Search Filters",
183 [RFC3383] K. Zeilenga, "IANA Considerations for LDAP", BCP 64 (also
184 RFC 3383), September 2002.
186 [X.500] ITU-T Rec. X.500, "The Directory: Overview of Concepts,
187 Models and Service", 1993.
189 [X.511] ITU-T Rec. X.511, "The Directory: Abstract Service
192 [ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations",
193 http://www.openldap.org/foundation/oid-delegate.txt.
195 [PRIVATE] IANA, "Private Enterprise Numbers",
196 http://www.iana.org/assignments/enterprise-numbers.
199 Copyright 2003, The Internet Society. All Rights Reserved.
201 This document and translations of it may be copied and furnished to
202 others, and derivative works that comment on or otherwise explain it
203 or assist in its implementation may be prepared, copied, published and
204 distributed, in whole or in part, without restriction of any kind,
205 provided that the above copyright notice and this paragraph are
206 included on all such copies and derivative works. However, this
207 document itself may not be modified in any way, such as by removing
208 the copyright notice or references to the Internet Society or other
209 Internet organizations, except as needed for the purpose of
210 developing Internet standards in which case the procedures for
211 copyrights defined in the Internet Standards process must be followed,
212 or as required to translate it into languages other than English.
214 The limited permissions granted above are perpetual and will not be
215 revoked by the Internet Society or its successors or assigns.
217 This document and the information contained herein is provided on an
218 "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET
219 ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
220 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
221 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
222 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
226 Zeilenga LDAP True & False Filters [Page 4]
projects / openldap / blob