Re: result code for a deleted identity on a connection



Vithalprasad Gaitonde writes:
> If a client does a bind with an identity and then while the bound
> connection is still open, the object which has bound gets deleted, what
> is the expected server behaviour when the client tries to make the next
> request on that connection?
> Should the connection revert to anonymous? - This seems inappropriate
> as the client would not know why he is suddenly not getting access to
> some objects which he had access to earlier.

Right.

> The appropriate behaviour should probably be to send a result code back
> and close the connection (as if there had been an unbind).

I suspect it might be a lot of work for servers to keep track of this.
So I think the server should have that option, but it should also have
the option not to notice this condition and keep serving requests as if
nothing happened.

> None of the current result codes defined in
> http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-protocol-13.txt
> seem to be appropriate for this. The closest is insufficient access.
> We should probably have a result code like invalidIdentity

How about invalidCredentials?

> which is sent back with a notice of disconnection (section 4.4.1
> protocol draft) followed by a closing of the connection by the server.

-- 
Hallvard