Network Working Group P. Masarati
Internet-Draft Politecnico di Milano
Intended status: Standards Track H. Chu
-Expires: April 30, 2009 Symas Corp.
- October 27, 2008
+Expires: May 23, 2009 Symas Corp.
+ November 19, 2008
LDAP Dereference Control
- draft-masarati-ldap-deref.txt
+ draft-masarati-ldap-deref-00.txt
Status of this Memo
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
- This Internet-Draft will expire on April 30, 2009.
+ This Internet-Draft will expire on May 23, 2009.
-Masarati & Chu Expires April 30, 2009 [Page 1]
+Masarati & Chu Expires May 23, 2009 [Page 1]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
Abstract
-Masarati & Chu Expires April 30, 2009 [Page 2]
+Masarati & Chu Expires May 23, 2009 [Page 2]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
1. Background and Intended Use
-Masarati & Chu Expires April 30, 2009 [Page 3]
+Masarati & Chu Expires May 23, 2009 [Page 3]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
2. The LDAP Dereference Control
SHOULD be treated as distinct and unrelated descriptions.
This control is only appropriate for the search operation [RFC4511].
- This control MUST be ignored if the Search was requested with
- SearchRequest.typesOnly specified as TRUE. The dereference attribute
- MUST be part of the search result set.
The semantics of the criticality field are specified in [RFC4511].
In detail, the criticality of the control determines whether the
control will or will not be used, and if it will not be used, whether
- the operation will continue without the control, or fail returning
- unavailableCriticalExtension. If the control is appropriate for an
- operation and, for any reason, it cannot be applied in its entirety
- to a single SearchResultEntry response, it MUST NOT be applied to
- that specific SearchResultEntry response, without affecting its
- application to any subsequent SearchResultEntry response.
+ the operation will continue without returning the control in the
+ response, or fail, returning unavailableCriticalExtension. If the
+ control is appropriate for an operation and, for any reason, it
+ cannot be applied in its entirety to a single SearchResultEntry
+ response, it MUST NOT be applied to that specific SearchResultEntry
+ response, without affecting its application to any subsequent
+ SearchResultEntry response.
+
+ Servers implementing this technical specification SHOULD publish the
+ object identifier deref-oid (IANA assigned; see Section 6) as a value
+ of the 'supportedControl' attribute [RFC4512] in their root DSE.
This control is totally unrelated to alias dereferencing [RFC4511].
-
-
-Masarati & Chu Expires April 30, 2009 [Page 4]
+Masarati & Chu Expires May 23, 2009 [Page 4]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
2.2. Control Request
- The specification of the Dereference Control request is:
+ The control type is deref-oid (IANA assigned; see Section 6). The
+ specification of the Dereference Control request is:
controlValue ::= SEQUENCE OF derefSpec DerefSpec
2.3. Control Response
- The specification of the Dereference Control response is:
+ The control type is deref-oid (IANA assigned; see Section 6). The
+ specification of the Dereference Control response is:
controlValue ::= SEQUENCE OF derefRes DerefRes
-
-
-Masarati & Chu Expires April 30, 2009 [Page 5]
+Masarati & Chu Expires May 23, 2009 [Page 5]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
3. Examples
Given these entries:
- dn: cn=Howard Chu,ou=people,dc=OpenLDAP,dc=org
+ dn: cn=Howard Chu,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
cn: Howard Chu
sn: Chu
uid: hyc
- dn: Pierangelo Masarati,ou=people,dc=OpenLDAP,dc=org
+ dn: cn=Pierangelo Masarati,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
cn: Pierangelo Masarati
sn: Masarati
uid: ando
- dn: cn=Test Group,ou=groups,dc=OpenLDAP,dc=org
+ dn: cn=Test Group,ou=groups,dc=example,dc=org
objectClass: groupOfNames
- cn: test Group
- member: cn=Howard Chu,ou=people,dc=OpenLDAP,dc=org
- member: cn=Pierangelo,Masarati,ou=people,dc=OpenLDAP,dc=org
+ cn: Test Group
+ member: cn=Howard Chu,ou=people,dc=example,dc=org
+ member: cn=Pierangelo Masarati,ou=people,dc=example,dc=org
A search could be performed with a Dereference request control value
specified as
and the "cn=Test Group" entry would be returned with the response
control value
- { { member, cn=Howard Chu,ou=people,dc=OpenLDAP,dc=org,
+ { { member, cn=Howard Chu,ou=people,dc=example,dc=org,
{ { uid, [hyc] } } },
- { member, cn=Pierangelo Masarati,ou=people,dc=OpenLDAP,dc=org,
+ { member, cn=Pierangelo Masarati,ou=people,dc=example,dc=org,
{ { uid, [ando] } } } }
-Masarati & Chu Expires April 30, 2009 [Page 6]
+Masarati & Chu Expires May 23, 2009 [Page 6]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
4. Implementation Notes
- This LDAP extension is currently implemented in OpenLDAP software.
+ This LDAP extension is currently implemented in OpenLDAP software
+ using the temporary OID 1.3.6.1.4.1.4203.666.5.16 under OpenLDAP's
+ experimental OID arc.
-
-
-Masarati & Chu Expires April 30, 2009 [Page 7]
+Masarati & Chu Expires May 23, 2009 [Page 7]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
5. Security Considerations
existence of nor any access privilege to the corresponding entry. It
is merely a consequence of the read access the client's identity has
on the corresponding value of the derefRes.derefAttr that would be
- returned as part of the attributes of a SearchResultEntry [RFC4511].
+ returned as part of the attributes of a SearchResultEntry response
+ [RFC4511].
Security considerations described in documents listed in [RFC4510]
apply.
-
-Masarati & Chu Expires April 30, 2009 [Page 8]
+Masarati & Chu Expires May 23, 2009 [Page 8]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
6. IANA Considerations
-Masarati & Chu Expires April 30, 2009 [Page 9]
+Masarati & Chu Expires May 23, 2009 [Page 9]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
7. Acknowledgments
-Masarati & Chu Expires April 30, 2009 [Page 10]
+Masarati & Chu Expires May 23, 2009 [Page 10]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
8. Normative References
-Masarati & Chu Expires April 30, 2009 [Page 11]
+Masarati & Chu Expires May 23, 2009 [Page 11]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
Authors' Addresses
-Masarati & Chu Expires April 30, 2009 [Page 12]
+Masarati & Chu Expires May 23, 2009 [Page 12]
\f
-Internet-Draft LDAP Deref October 2008
+Internet-Draft LDAP Deref November 2008
Full Copyright Statement
-Masarati & Chu Expires April 30, 2009 [Page 13]
+Masarati & Chu Expires May 23, 2009 [Page 13]
\f
projects / openldap / blobdiff