LDAP Extension (ldapext)

Andrew Sciberras | 16 Dec 2003 23:04

Picon

Picon

draft-zeilenga-ldap-readentry-01.txt


G'Day,

The following text can be found in section 3.1 and 3.2:

~~~~~~~~~~~~~~~~~
  The server is to return a SearchResultEntry containing, subject
  to access controls and other constraints, values of the requested
  attributes.

  The normal processing of the update operation and the processing of
  this control MUST be performed as one atomic action isolated from
  other update operations.

  If the update operation fails, no response control is provided.
~~~~~~~~~~~~~~~~

On one hand, the first paragraph implies that if the read fails due to
access control restrictions, then no values should be returned.
On the other hand, paragraph two indicates that if the read fails (possibly
due to access controls) then the entire operation should fail.
Paragraph 3 explicitly states that if the update fails then the read should
as well, but fails to address the alternate scenario.

What happens if the read operation fails due to the user not having
sufficient access rights?
Should the update succeed or fail?

Thanks,

(Continue reading)

Kurt D. Zeilenga | 17 Dec 2003 07:10

Re: draft-zeilenga-ldap-readentry-01.txt

At 02:04 PM 12/16/2003, Andrew Sciberras wrote:

>G'Day,
>
>The following text can be found in section 3.1 and 3.2:
>
>~~~~~~~~~~~~~~~~~
>  The server is to return a SearchResultEntry containing, subject
>  to access controls and other constraints, values of the requested
>  attributes.
>
>  The normal processing of the update operation and the processing of
>  this control MUST be performed as one atomic action isolated from
>  other update operations.
>
>  If the update operation fails, no response control is provided.
>~~~~~~~~~~~~~~~~
>
>
>On one hand, the first paragraph implies that if the read fails due to
>access control restrictions, then no values should be returned.

The first paragraph implies that the contains of the entry
is subject to access controls which may cause some subset
of the attributes to be returned and, for those attribute
returned, some subset of their values.  The returned entry
could, in fact, have no attributes.

>On the other hand, paragraph two indicates that if the read fails (possibly
>due to access controls) then the entire operation should fail.

(Continue reading)

Andrew Sciberras | 19 Dec 2003 00:27

Picon

Picon

draft-bergeson-uddi-ldap-schema-02.txt

G'Day,

Just some comments regarding 'LDAP Schema for UDDI'.

Section 5.2
The equality matching rule for a distingushed name cannot be a
caseIgnoreMatch.

For the following attributes:
* uddiName
* uddiServiceKey
* uddiBindingKey
It is explicitly stated that the values of this attribute may not be blank.

The other attributes with a DirectoryString string attributes do not carry
this statement. I'm not sure what this is implying, but I feel that I should
note that none of the DirectoryString attributes are permitted to have a
blank value.

Section 5.17
"When saving a new uddiBusinessService structure, pass an empty
uddiServiceKey value"
Section 5.18
"When saving a new uddiBindingTemplate structure, pass an empty
uddiBindingKey value"
These would be strictly illegal since a DirectoryString must have at least
one character.

Section 5.41
I don't think you intended to have a boolean syntax for this attribute

(Continue reading)

Hallvard B Furuseth | 19 Dec 2003 11:45

Picon

Picon

Referrals in draft-rharrison-ldap-intermediate-resp-01.txt

draft-rharrison-ldap-intermediate-resp-01.txt says:

>   For example, the LDAP delete operation could be extended via a 
>   subtree control to mean that an entire subtree is to be deleted.  A 
>   subtree delete operation needs to return continuation references 
>   based upon subordinate knowledge information contained in the server 
>   so that the client can complete the operation.  Returning references 
>   as they are found instead of with the final result allows the client 
>   to progress the operation more efficiently because it does not have 
>   to wait for the final result to get this continuation reference 
>   information.  

Subtree delete can't return references in the final result anyway,
because from such a referral, only one operation should be performed on
one of the returned URIs to progress the operation.  Subtree delete may
need to return several continuation references.  Also, the referral
result code means that the operation was not performed, not that it was
partially performed.

Also, 'ietf-ldapext <at> netscape.com' should be 'ldapext <at> ietf.org'.

--

-- 
Hallvard

Hallvard B Furuseth | 20 Dec 2003 21:07

Picon

Picon

features-05 comments

draft-zeilenga-ldap-features-05.txt says:

> 2. Discovery of supported features

>   A client may examine the values of this attribute to
>   determine if a particular feature is supported by the server.  A
>   client MUST ignore values it doesn't recognize as they refer to
>   elective features it doesn't implement.

What's the point of the last sentence?  What else could the client do
with a feature it doesn't know about?

>   The 'supportedFeatures' attribute type is described as follows

...", using the AttributeTypeDescription syntax described in [Models]"  

(and [Models] must be added to the References section).

>       ( 1.3.6.1.4.1.4203.1.3.5
>         NAME 'supportedFeatures'
>         DESC 'features supported by the server'
>         EQUALITY objectIdentifierMatch
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
>         USAGE dSAOperation )

This is missing, adapted from similar texts in [Models]:

  The 'objectIdentifierMatch' matching rule and the
  objectIdentifierFirstComponentMatch (1.3.6.1.4.1.1466.115.121.1.38)
  syntax is defined in [Syntaxes].

(Continue reading)

Kurt D. Zeilenga | 20 Dec 2003 22:27

Re: features-05 comments

Please note that this TS was recently published as RFC 3674.

I hope that this TS will be incorporated into the revised LDAP
TS being produced by the LDAPBIS WG.  If they do so, any known
issues should be addressed during that work.  Otherwise,
I will address them in some future update of RFC 3674.

At 12:07 PM 12/20/2003, Hallvard B Furuseth wrote:
>draft-zeilenga-ldap-features-05.txt says:
>
>> 2. Discovery of supported features
>
>>   A client may examine the values of this attribute to
>>   determine if a particular feature is supported by the server.  A
>>   client MUST ignore values it doesn't recognize as they refer to
>>   elective features it doesn't implement.
>
>What's the point of the last sentence?  What else could the client do
>with a feature it doesn't know about?

Not ignore the unrecognized feature.  That is, fail to continue
processing due to presence of a unrecognized value in
'supportedFeatures'.

>>   The 'supportedFeatures' attribute type is described as follows
>
>...", using the AttributeTypeDescription syntax described in [Models]"  
>
>(and [Models] must be added to the References section).

(Continue reading)

Kurt D. Zeilenga | 20 Dec 2003 22:37

Re: Referrals in draft-rharrison-ldap-intermediate-resp-01.txt

At 02:45 AM 12/19/2003, Hallvard B Furuseth wrote:
>draft-rharrison-ldap-intermediate-resp-01.txt says:
>>   For example, the LDAP delete operation could be extended via a 
>>   subtree control to mean that an entire subtree is to be deleted.  A 
>>   subtree delete operation needs to return continuation references 
>>   based upon subordinate knowledge information contained in the server 
>>   so that the client can complete the operation.  Returning references 
>>   as they are found instead of with the final result allows the client 
>>   to progress the operation more efficiently because it does not have 
>>   to wait for the final result to get this continuation reference 
>>   information.  
>
>Subtree delete can't return references in the final result anyway,
>because from such a referral, only one operation should be performed on
>one of the returned URIs to progress the operation.  Subtree delete may
>need to return several continuation references.  Also, the referral
>result code means that the operation was not performed, not that it was
>partially performed.

The last sentence does confuse the example.  The issue is
not one of efficiency but functionality (adding support for
continuation references).  I'll ask that the last sentence of
this example be deleted during AUTH48.

>Also, 'ietf-ldapext <at> netscape.com' should be 'ldapext <at> ietf.org'.

That text will be deleted automatically by the RFC Editor.
(Note that the document is at the RFC Editor.)

Kurt

(Continue reading)

Hallvard B Furuseth | 20 Dec 2003 22:43

Picon

Picon

Re: features-05 comments

Kurt D. Zeilenga writes:
> I hope that this TS will be incorporated into the revised LDAP
> TS being produced by the LDAPBIS WG.  If they do so, any known
> issues should be addressed during that work.  Otherwise,
> I will address them in some future update of RFC 3674.

If you mean further discussion should wait, this will be my last
message until then.

>At 12:07 PM 12/20/2003, Hallvard B Furuseth wrote:
>>> 2. Discovery of supported features
>>
>>>   A client may examine the values of this attribute to
>>>   determine if a particular feature is supported by the server.  A
>>>   client MUST ignore values it doesn't recognize as they refer to
>>>   elective features it doesn't implement.
>>
>>What's the point of the last sentence?  What else could the client do
>>with a feature it doesn't know about?
> 
> Not ignore the unrecognized feature.  That is, fail to continue
> processing due to presence of a unrecognized value in
> 'supportedFeatures'.

Sounds like you are saying 'the client may instead be ridiculously
stupid'.  I don't think a MUST is needed to prevent that, or even that
it's any of our business if the client does this

--

-- 
Hallvard

(Continue reading)

Kurt D. Zeilenga | 21 Dec 2003 00:27

Re: features-05 comments

At 01:43 PM 12/20/2003, Hallvard B Furuseth wrote:
>Kurt D. Zeilenga writes:
>> I hope that this TS will be incorporated into the revised LDAP
>> TS being produced by the LDAPBIS WG.  If they do so, any known
>> issues should be addressed during that work.  Otherwise,
>> I will address them in some future update of RFC 3674.
>
>If you mean further discussion should wait, this will be my last
>message until then.

No reason to defer discussion.  I was just letting you know
that how this specification will like be updated.

>>At 12:07 PM 12/20/2003, Hallvard B Furuseth wrote:
>>>> 2. Discovery of supported features
>>>
>>>>   A client may examine the values of this attribute to
>>>>   determine if a particular feature is supported by the server.  A
>>>>   client MUST ignore values it doesn't recognize as they refer to
>>>>   elective features it doesn't implement.
>>>
>>>What's the point of the last sentence?  What else could the client do
>>>with a feature it doesn't know about?
>> 
>> Not ignore the unrecognized feature.  That is, fail to continue
>> processing due to presence of a unrecognized value in
>> 'supportedFeatures'.
>
>Sounds like you are saying 'the client may instead be ridiculously
>stupid'.  I don't think a MUST is needed to prevent that, or even that

(Continue reading)

Hallvard B Furuseth | 21 Dec 2003 15:09

Picon

Picon

Re: features-05 comments

Kurt D. Zeilenga writes:
>>>At 12:07 PM 12/20/2003, Hallvard B Furuseth wrote:
>>>>> 2. Discovery of supported features
>>>>
>>>>>   A client may examine the values of this attribute to
>>>>>   determine if a particular feature is supported by the server.  A
>>>>>   client MUST ignore values it doesn't recognize as they refer to
>>>>>   elective features it doesn't implement.
>>>>
>>>>What's the point of the last sentence?  What else could the client do
>>>>with a feature it doesn't know about?
>>> 
>>> Not ignore the unrecognized feature.  That is, fail to continue
>>> processing due to presence of a unrecognized value in
>>> 'supportedFeatures'.
>>
>>Sounds like you are saying 'the client may instead be ridiculously
>>stupid'.  I don't think a MUST is needed to prevent that, or even that
>>it's any of our business if the client does this
> 
> Maybe so.  I likely put that statement just after dealing
> with a ridiculously stupid client.

Suggest s/MUST/can/.

--

-- 
Hallvard

Group

gmane.ietf.ldapext.

Search Archive

Page

1 | 2

Articles in period: 14

December 2003

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

Biggest Fake Conference in Computer Science (27 Apr 2013)
Fwd: New Version Notification for draft-stroeder-hashed-userpassword-v (28 Jan 2013)
AUTO: Mike Gong is on vacation (returning 02/02/2013) (26 Jan 2013)
Any implementations using userPassword;hash-scheme? (26 Jan 2013)
Fwd: New Version Notification for draft-stroeder-namedobject-00.txt (16 Dec 2012)
Read Entry control not applicable to Bind Operations (20 Apr 2012)
RFC 2589: limits for requestTtl (17 Nov 2011)
Fwd: Request for LDAP Descriptor Registration (6 Nov 2011)
I-D ACTION:draft-zeilenga-ldap-relax-00.txt (1 Jul 2011)
Fwd: [ldap] LDAPCon 2011 Call for Papers (9 Apr 2011)
Schema OID definition limits (8 Apr 2011)
New Version for draft-cal-resource-schema-03 (29 Nov 2010)
Review of draft-gennai-smime-cnipa-pec-08.txt (24 Oct 2010)
Request for review draft-cal-resource-schema - Schema for representing (21 Oct 2010)
Fwd: Request for LDAP expert review of PEC object identifier descripto (20 Oct 2010)
password policy: pwdChangedTIme, pwdLastSuccess (9 Aug 2010)
General impact of ldap server side current time matching (20 Jul 2010)
Password policy: pwdAllowUserChange (6 Jul 2010)
password policy: pwdLockout is redundant (6 Jul 2010)
password policy: X.500 unification (6 Jul 2010)
password policy: multiple subentries, multiple password attributes, .. (5 Jul 2010)

Archives

1	April 2013
10	March 2013
13	January 2013
4	December 2012
2	April 2012
2	November 2011
9	July 2011
4	April 2011
2	December 2010
1	November 2010
10	October 2010
1	September 2010
4	August 2010
39	July 2010
9	June 2010
8	May 2010
10	April 2010
2	March 2010
1	January 2010
1	December 2009
2	November 2009
6	October 2009
2	September 2009
17	August 2009
6	July 2009
49	June 2009
2	May 2009
6	April 2009
18	March 2009
1	February 2009
1	January 2009
17	December 2008
24	November 2008
1	October 2008
19	September 2008
3	August 2008
11	July 2008
1	June 2008
15	April 2008
2	March 2008
7	February 2008
10	January 2008
1	December 2007
3	October 2007
87	September 2007
2	August 2007
6	June 2007
8	May 2007
1	April 2007
51	February 2007
2	January 2007
7	November 2006
3	October 2006
4	August 2006
1	July 2006
4	June 2006
19	May 2006
18	March 2006
9	February 2006
18	January 2006
2	December 2005
4	November 2005
7	October 2005
4	September 2005
6	August 2005
11	July 2005
10	June 2005
1	May 2005
32	April 2005
36	February 2005
7	January 2005
9	December 2004
49	November 2004
68	October 2004
40	September 2004
19	August 2004
13	July 2004
71	June 2004
29	May 2004
27	April 2004
41	March 2004
10	February 2004
8	January 2004
14	December 2003
34	November 2003
21	October 2003
10	September 2003
5	August 2003
35	July 2003
8	June 2003
32	May 2003
29	April 2003
15	March 2003
27	February 2003
13	December 2002
26	November 2002
40	October 2002
51	September 2002
51	August 2002
4	July 2002
2	June 2002
29	May 2002
8	April 2002

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template