[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP Control Result Codes I-D

To: "Michael Armijo" <micharm@Exchange.Microsoft.com>
Subject: LDAP Control Result Codes I-D
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 20 Jul 2000 11:40:08 -0700
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <96BABA22ECEAEA45B53D08D63E1B5678527F99@DF-SPIKE.platinum.c orp.microsoft.com>

Michael,

Your I-D <draft-armijo-ldap-control-error-00.txt> discusses an
interesting problem.

I'm not quite sure I understand the need for two additional
codes.  However, this may be due to my interpretation
of the control semantics and unavailableCriticalControl result
code.

It's my view that the critical of control does not impact the
processing of a recognized and supported control.  That is,
if the server recognizes the control, supports the control
in the context of the operation, and is willing to process
the operation as extended by the control, then criticality
doesn't matter.  The processing is done per the control and if
an error occurs in the processing of the control a suitable
error (as defined by the control) is returned.  This may be
any result code other than unavailableCriticalExtension.

If, however, if the control is unrecognized, or unsupported in
context of the current operation, or the server otherwise is
unwilling to process the operation as extended by the control,
criticality matters.  If critical, the unavailableCriticalExtension
result code is returned in the result (and this must be the only
response to the request).  If not critical, the control is ignored.

A server must not partial process a control.  That is, the
control applies to the whole operation or no part of the operation.
If the server initiates processing under the operation as
extended by the control(s) it must complete processing as
specified by these control(s).  A server cannot in the middle of
processing the operation decide to ignore a control it has
chosen to honor (regardless of its criticality) (though it can
chose to abort the operation and return an appropriate non-success
result code).

Hence, I don't grok:
   The controlError result code should be returned when an operation 
   has succeeded but an attached control may have failed.

It's my view that controls don't fail, operations fail.  An
operation with a control(s) extends the operation per semantics
of the control(s).

Follow-Ups:
- Re: LDAP Control Result Codes I-D
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: LDAP (v3) Revision BOF (LDAPbis)
Next by Date: Re: LDAP Control Result Codes I-D
Index(es):
- Chronological
- Thread