[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Critical controls

To: Jim Sermersheim <JIMSE@novell.com>
Subject: Re: Critical controls
From: Mark Smith <mcs@netscape.com>
Date: Wed, 22 Nov 2000 15:33:49 -0500
Cc: ietf-ldapbis@OpenLDAP.org
Organization: iPlanet E-Commerce Solutions
References: <sa126e36.090@prv-mail20.provo.novell.com>

Jim Sermersheim wrote:

>  RFC 2251 states in section 4.1.12"If the server does not recognize
> the control type and the criticality field is TRUE, the server MUST
> NOT perform the operation, and MUST instead return the resultCode
> unavailableCriticalExtension."and"If the control is not appropriate
> for the operation and criticality field is TRUE, the server MUST NOT
> perform the operation, and MUST instead return the resultCode
> unavailableCriticalExtension." There is a problem in that LDAP doesn't
> define an unbindResponse or an abandonResponse, thus can't return
> unavailableCriticalExtension. When an unbind or abandon operation is
> paired with an unrecognized or inappropriate critical control, is it
> best to not perform the operation, or ignore the control? Jim

Good question.  Maybe we say that clients MUST NOT send critical
controls with abandon or unbind requests.  We could specify that servers
SHOULD treat all controls that are marked critical that arrive with an
abandonRequest or unbindRequest as not critical.  Not very clean, but we
have to make a choice.

--
Mark Smith
Netscape Directory Product Development

Follow-Ups:
- Re: Critical controls
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Critical controls
  - From: "Jim Sermersheim" <JIMSE@novell.com>

Prev by Date: RE: Attribute Type character set
Next by Date: Re: Clarification of "authentication"
Index(es):
- Chronological
- Thread