7 INTERNET-DRAFT Kurt D. Zeilenga
8 Intended Category: Experimental OpenLDAP Foundation
9 Expires in six months 3 May 2003
13 <draft-zeilenga-ldap-txn-06.txt>
18 This document is an Internet-Draft and is in full conformance with all
19 provisions of Section 10 of RFC2026.
21 This document is intended to be, after appropriate review and
22 revision, submitted to the RFC Editor as an Experimental document.
23 Distribution of this memo is unlimited. Technical discussion of this
24 document will take place on the IETF LDAP Extension Working Group
25 mailing list <ldapext@ietf.org>. Please send editorial comments
26 directly to the author <Kurt@OpenLDAP.org>.
28 Internet-Drafts are working documents of the Internet Engineering Task
29 Force (IETF), its areas, and its working groups. Note that other
30 groups may also distribute working documents as Internet-Drafts.
31 Internet-Drafts are draft documents valid for a maximum of six months
32 and may be updated, replaced, or obsoleted by other documents at any
33 time. It is inappropriate to use Internet-Drafts as reference
34 material or to cite them other than as ``work in progress.''
36 The list of current Internet-Drafts can be accessed at
37 <http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
38 Internet-Draft Shadow Directories can be accessed at
39 <http://www.ietf.org/shadow.html>.
41 Copyright 2003, The Internet Society. All Rights Reserved.
43 Please see the Copyright section near the end of this document for
49 Lightweight Directory Access Protocol (LDAP) update operations acting
50 upon entries have atomic, consistency, isolation, durability (ACID)
51 properties. However, it is often desirable to update two or more
52 entries as one unit of interaction, a transaction. Transactions are
53 necessary to support a number of applications including resource
54 provisioning and information replication. This document defines an
58 Zeilenga LDAP Transactions [Page 1]
60 INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
63 LDAP extension to support transactions.
68 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
69 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
70 document are to be interpreted as described in BCP 14 [RFC2119].
72 Protocol elements are described using ASN.1 [X.680]. The term
73 "BER-encoded" means the element is to be encoded using the Basic
74 Encoding Rules [X.690] under the restrictions detailed in Section 5.1
80 This document extends the Lightweight Directory Access Protocol (LDAP)
81 [RFC3377] to allow clients to group a number of related update
82 operations [RFC2251] and have them preformed as one unit of
83 interaction, a transaction. As with distinct update operations, each
84 transaction has atomic, consistency, isolation, and durability
87 This extension uses the grouping mechanism provided by [GROUP] to
88 relate operations of the transaction. The createGrouping operation is
89 used to obtain a group cookie which is used to identify operations
90 which are apart of the transaction. The group cookie can be viewed as
91 a transaction identifier. The endGrouping operation is used to settle
92 (commit or abort) the transaction.
95 2. Specification of a Transaction
97 Servers implementing this specification SHOULD publish the
98 transactionGroupingType as a value of the 'supportedGroupingTypes'
99 attribute contained within the Root DSE.
101 transactionGroupingType ::= IANA-ASSIGNED-OID
103 A client wishing to preform a transaction issues a
104 createGroupingRequest with a createGroupType of
105 transactionGroupingType and no createGroupValue. A server which is
106 willing and able to support transactions returns a
107 createGroupingResponse with a success result code, a
108 createGroupCookie, and no createGroupValue. Otherwise the server
109 returns a non-success result code, no createGroupCookie, and no
114 Zeilenga LDAP Transactions [Page 2]
116 INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
119 The client then issues may issue one or more update (add, delete,
120 modify, rename) requests, each with a GroupingControl indicating they
121 are to processed as part of the transaction grouping. If the server
122 is willing and able to attempt to process operation as part of the
123 transaction, the server returns success. As further processing of the
124 operation is be deferred until settlement, the operation is considered
125 still outstanding and its messageID cannot to be reused until after
126 settlement. If the server is unwilling or unable to attempt to
127 process the operation as part of the transaction, the server returns a
128 non-successful result code.
130 If the server becomes unwilling or unable to continue the
131 specification of a transaction, the server return the canceled
132 resultCode for each deferred operation and then issue a endGroupNotice
133 with a non-success resultCode. Any future use of cookie by the client
134 will result in a response containing a non-success result code. Upon
135 receipt of a endGroupingNotice, the client is to discontinue all use
136 of the grouping cookie as the transaction is null and void.
138 A client requests settling of transaction by issuing an
139 endGroupingRequest where the groupingCookie is the group cookie
140 identify the transaction. The absence of any endGroupingValue
141 indicates a commit request. The presence of an empty endGroupValue
142 indicates an abort request. The endGroupValue MUST be empty if
145 If the commit response indicates failure, the server may return an
146 endGroupingValue with the endGroupingResponse. If so, it contains the
147 BER-encoding of a MessageID [RFC2251] of the update operation
148 associated with the failure.
151 3. Settling of the Transaction
153 Upon receipt of a request to abort the transaction, the server is to
154 abort the transaction and then return an endGroupingResponse
157 Upon receipt of a request to commit the transaction, the server
158 processes the group of update operations as one atomic, isolated
159 action with each update request being processed in turn. Either all
160 of the requested updates SHALL be successfully applied or none of the
161 requested SHALL be applied. If all are applied, the server returns an
162 endGroupingResponse indicating success. Otherwise, the server returns
163 an endGroupingResponse indicating the nature of the failure. If the
164 failure is associated with a particular update operation, the message
165 ID is returned an attached endGroupingValue. If the failure was not
166 associated with any particular update operation, no endGroupingValue
170 Zeilenga LDAP Transactions [Page 3]
172 INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
177 There is no requirement that a server serialize transactions. That
178 is, a server MAY process multiple transactions commit requests (from
179 one or more clients) acting upon different sets of entries
180 concurrently. A server MUST avoid deadlock.
183 4. Distributed Directory Considerations
185 The LDAP/X.500 models provide for distributed directory operations
186 including server-side chaining and client-side chasing of operations.
188 This document does not disallow servers from chaining operations which
189 are part of a transaction. However, if a server does allow such
190 chaining, it MUST ensure that transaction semantics detailed above are
193 This mechanism defined by this document does not support client-side
194 chasing. Grouping cookies used to identify the transaction are
195 specific to a particular client/server session.
197 The LDAP/X.500 models provide for a single-master/multiple-slave
198 replication architecture. This document states no requirement that
199 changes made to the directory based upon processing a transaction be
200 replicated as one atomic action. That is, the client SHOULD NOT
201 assume tight data consistency nor fast data convergence at slave
202 servers unless they have prior knowledge that such is provided.
203 Though this mechanism could be used to support replication, such use
204 is not described in this document.
206 The LDAP/X.500 models do not currently support a multi-master
207 replication architecture and, hence, not considered by this
211 5. Security Considerations
213 Transactions mechanisms and related grouping operations may be the
214 target of denial of service attacks. Implementors should provide
215 safeguards to ensure these mechanisms are not abused.
218 6. IANA Considerations
220 In accordance with [RFC3383], it is requested that Internet Assigned
221 Numbers Authority (IANA) make the following assignments.
226 Zeilenga LDAP Transactions [Page 4]
228 INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
231 6.1. Object Identifier
233 An LDAP Object Identifier to identify the grouping type defined in
234 this document is requested.
236 The following registration template is suggested:
238 Subject: Request for LDAP Object Identifier Registration
239 Person & email address to contact for further information:
240 Kurt Zeilenga <kurt@OpenLDAP.org>
241 Specification: RFCXXXX
242 Author/Change Controller: IESG
244 Identifies the LDAP Transactions Grouping Type
247 6.2. LDAP Protocol Mechanism
249 Registration of the protocol mechanisms defined in this document is
252 Subject: Request for LDAP Protocol Mechansism Registration
254 Object Identifier: IANA-ASSIGNED-OID
255 Description: LDAP Transaction Grouping Type
256 Person & email address to contact for further information:
257 Kurt Zeilenga <kurt@openldap.org>
259 Specification: RFCxxxx
260 Author/Change Controller: IESG
266 The author gratefully acknowledges the contributions made by members
267 of the Internet Engineering Task Force.
277 9. Normative References
282 Zeilenga LDAP Transactions [Page 5]
284 INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
287 [RFC2119] S. Bradner, "Key Words for use in RFCs to Indicate
288 Requirement Levels", BCP 14 (also RFC 2119), March 1997.
290 [RFC2251] M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access
291 Protocol (v3)", RFC 2251, December 1997.
293 [RFC3377] J. Hodges, R. Morgan, "Lightweight Directory Access
294 Protocol (v3): Technical Specification", RFC 3377, September 2002.
296 [GROUP] K. Zeilenga, "LDAP: Grouping of Related Operations",
297 draft-zeilenga-ldap-grouping-xx.txt, a work in progress.
299 [X.680] ITU-T, "Abstract Syntax Notation One (ASN.1) - Specification
300 of Basic Notation", X.680, 1994.
302 [X.690] ITU-T, "Specification of ASN.1 encoding rules: Basic,
303 Canonical, and Distinguished Encoding Rules", X.690, 1994.
306 10. Informative References
308 [ACID] Section 4 of ISO/IEC 10026-1:1992.
310 [RFC3383] K. Zeilenga, "IANA Considerations for LDAP", BCP 64 (also
311 RFC 3383), September 2002.
313 [X.500] ITU-T, "The Directory: Overview of Concepts, Models, and
314 Services", X.500, 1993.
316 [X.501] ITU-T, "The Directory: Models", X.501, 1993.
319 Copyright 2003, The Internet Society. All Rights Reserved.
321 This document and translations of it may be copied and furnished
322 to others, and derivative works that comment on or otherwise explain
323 it or assist in its implementation may be prepared, copied, published
324 and distributed, in whole or in part, without restriction of any
325 kind, provided that the above copyright notice and this paragraph
326 are included on all such copies and derivative works. However,
327 this document itself may not be modified in any way, such as by
328 removing the copyright notice or references to the Internet Society
329 or other Internet organizations, except as needed for the purpose
330 of developing Internet standards in which case the procedures for
331 copyrights defined in the Internet Standards process must be followed,
332 or as required to translate it into languages other than English.
334 The limited permissions granted above are perpetual and will not
338 Zeilenga LDAP Transactions [Page 6]
340 INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
343 be revoked by the Internet Society or its successors or assigns.
345 This document and the information contained herein is provided on
346 an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
347 INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
348 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
349 OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
350 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
394 Zeilenga LDAP Transactions [Page 7]