Network Working Group P. Masarati
Internet-Draft Politecnico di Milano
Intended status: Standards Track H. Chu
-Expires: April 30, 2009 Symas Corp.
- October 27, 2008
+Expires: May 1, 2009 Symas Corp.
+ October 28, 2008
LDAP Dereference Control
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
- This Internet-Draft will expire on April 30, 2009.
+ This Internet-Draft will expire on May 1, 2009.
-Masarati & Chu Expires April 30, 2009 [Page 1]
+Masarati & Chu Expires May 1, 2009 [Page 1]
\f
Internet-Draft LDAP Deref October 2008
-Masarati & Chu Expires April 30, 2009 [Page 2]
+Masarati & Chu Expires May 1, 2009 [Page 2]
\f
Internet-Draft LDAP Deref October 2008
-Masarati & Chu Expires April 30, 2009 [Page 3]
+Masarati & Chu Expires May 1, 2009 [Page 3]
\f
Internet-Draft LDAP Deref October 2008
SHOULD be treated as distinct and unrelated descriptions.
This control is only appropriate for the search operation [RFC4511].
- This control MUST be ignored if the Search was requested with
- SearchRequest.typesOnly specified as TRUE. The dereference attribute
- MUST be part of the search result set.
The semantics of the criticality field are specified in [RFC4511].
In detail, the criticality of the control determines whether the
control will or will not be used, and if it will not be used, whether
- the operation will continue without the control, or fail returning
- unavailableCriticalExtension. If the control is appropriate for an
- operation and, for any reason, it cannot be applied in its entirety
- to a single SearchResultEntry response, it MUST NOT be applied to
- that specific SearchResultEntry response, without affecting its
- application to any subsequent SearchResultEntry response.
+ the operation will continue without returning the control in the
+ response, or fail, returning unavailableCriticalExtension. If the
+ control is appropriate for an operation and, for any reason, it
+ cannot be applied in its entirety to a single SearchResultEntry
+ response, it MUST NOT be applied to that specific SearchResultEntry
+ response, without affecting its application to any subsequent
+ SearchResultEntry response.
This control is totally unrelated to alias dereferencing [RFC4511].
-Masarati & Chu Expires April 30, 2009 [Page 4]
+
+
+Masarati & Chu Expires May 1, 2009 [Page 4]
\f
Internet-Draft LDAP Deref October 2008
-Masarati & Chu Expires April 30, 2009 [Page 5]
+Masarati & Chu Expires May 1, 2009 [Page 5]
\f
Internet-Draft LDAP Deref October 2008
sn: Chu
uid: hyc
- dn: Pierangelo Masarati,ou=people,dc=OpenLDAP,dc=org
+ dn: cn=Pierangelo Masarati,ou=people,dc=OpenLDAP,dc=org
objectClass: inetOrgPerson
cn: Pierangelo Masarati
sn: Masarati
dn: cn=Test Group,ou=groups,dc=OpenLDAP,dc=org
objectClass: groupOfNames
- cn: test Group
+ cn: Test Group
member: cn=Howard Chu,ou=people,dc=OpenLDAP,dc=org
member: cn=Pierangelo,Masarati,ou=people,dc=OpenLDAP,dc=org
-Masarati & Chu Expires April 30, 2009 [Page 6]
+Masarati & Chu Expires May 1, 2009 [Page 6]
\f
Internet-Draft LDAP Deref October 2008
-Masarati & Chu Expires April 30, 2009 [Page 7]
+Masarati & Chu Expires May 1, 2009 [Page 7]
\f
Internet-Draft LDAP Deref October 2008
existence of nor any access privilege to the corresponding entry. It
is merely a consequence of the read access the client's identity has
on the corresponding value of the derefRes.derefAttr that would be
- returned as part of the attributes of a SearchResultEntry [RFC4511].
+ returned as part of the attributes of a SearchResultEntry response
+ [RFC4511].
Security considerations described in documents listed in [RFC4510]
apply.
-
-Masarati & Chu Expires April 30, 2009 [Page 8]
+Masarati & Chu Expires May 1, 2009 [Page 8]
\f
Internet-Draft LDAP Deref October 2008
-Masarati & Chu Expires April 30, 2009 [Page 9]
+Masarati & Chu Expires May 1, 2009 [Page 9]
\f
Internet-Draft LDAP Deref October 2008
-Masarati & Chu Expires April 30, 2009 [Page 10]
+Masarati & Chu Expires May 1, 2009 [Page 10]
\f
Internet-Draft LDAP Deref October 2008
-Masarati & Chu Expires April 30, 2009 [Page 11]
+Masarati & Chu Expires May 1, 2009 [Page 11]
\f
Internet-Draft LDAP Deref October 2008
-Masarati & Chu Expires April 30, 2009 [Page 12]
+Masarati & Chu Expires May 1, 2009 [Page 12]
\f
Internet-Draft LDAP Deref October 2008
-Masarati & Chu Expires April 30, 2009 [Page 13]
+Masarati & Chu Expires May 1, 2009 [Page 13]
\f
<t>
This control is only appropriate for the search operation
-<xref target="RFC4511" />. This control MUST be ignored if the
-Search was requested with SearchRequest.typesOnly specified as TRUE.
-The dereference attribute MUST be part of the search result set.
+<xref target="RFC4511" />.
</t>
<t>
<xref target="RFC4511" />.
In detail, the criticality of the control determines whether the control
will or will not be used, and if it will not be used, whether the operation
-will continue without the control, or fail returning
-unavailableCriticalExtension.
+will continue without returning the control in the response, or fail,
+returning unavailableCriticalExtension.
If the control is appropriate for an operation and, for any reason,
it cannot be applied in its entirety to a single SearchResultEntry response,
it MUST NOT be applied to that specific SearchResultEntry response,
sn: Chu
uid: hyc
- dn: Pierangelo Masarati,ou=people,dc=OpenLDAP,dc=org
+ dn: cn=Pierangelo Masarati,ou=people,dc=OpenLDAP,dc=org
objectClass: inetOrgPerson
cn: Pierangelo Masarati
sn: Masarati
dn: cn=Test Group,ou=groups,dc=OpenLDAP,dc=org
objectClass: groupOfNames
- cn: test Group
+ cn: Test Group
member: cn=Howard Chu,ou=people,dc=OpenLDAP,dc=org
member: cn=Pierangelo,Masarati,ou=people,dc=OpenLDAP,dc=org
</artwork>
access privilege to the corresponding entry.
It is merely a consequence of the read access the client's identity has
on the corresponding value of the derefRes.derefAttr that would be returned
-as part of the attributes of a SearchResultEntry <xref target="RFC4511" />.
+as part of the attributes of a SearchResultEntry response
+<xref target="RFC4511" />.
</t>
<t>
Security considerations described in documents listed in
projects / openldap / commitdiff