
Re: Protocol: MUST provide supportedVersion



>I worry that there are clients that already rely on this MUST in order to discover the protocol version, rather than using the Bind/failover method.

RFC 2251 didn't say supportedLDAPVersion **always** had to be
provided when requested.  RFC 2251 allowed:
        servers to require binding before searching
        servers to require start tls before searching
        servers to subject returned attributes to ACLS
                (including, specifically, root DSE attributes)
        etc.

and, hence, implicitly required clients deal with these cases.

A client which doesn't will run into interoperability problems.
Access controls upon the root DSE are common. Administrative
restrictions requiring bind before search are fairly common.
Administrative restrictions requiring startTLS before search
are fairly common.  Etc.

If we accept the argument that a "MUST provide" is necessary for
interoperability, then we not only keep the MUST but we must
disallow the RFC 2251 allowed behaviors listed above.

If we reject the argument, then we just need to drop the MUST.
It might be appropriate to clarify again that search returns
are subject to all kinds of administrative policies, but I think
we've covered that repeatedly.

Kurt
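As an added illustration of the bind/failover method the message contrasts with root DSE discovery (example code written for this page, not part of the original message or of any LDAP implementation): a client that treats supportedLDAPVersion as a hint only and falls back to probing with Bind when the root DSE is unreadable, filtered by ACL, or gated behind bind or StartTLS. The `Server` class is a constructed stand-in whose policy flags model the RFC 2251-permitted behaviours listed above; the numeric result codes are the standard LDAP resultCode values, and `discover_version`/`root_dse_versions` are names chosen here, not an existing API.

```python
"""Client-side LDAP protocol version discovery that does not rely on the
root DSE. Example added for illustration; the Server class is a constructed
stand-in, not a real directory server or client library."""

# Standard LDAP resultCode values used below.
SUCCESS = 0
OPERATIONS_ERROR = 1
PROTOCOL_ERROR = 2
CONFIDENTIALITY_REQUIRED = 13


class Server:
    """Constructed stand-in for a directory server. Each flag models one of
    the RFC 2251-permitted behaviours: bind before search, StartTLS before
    search, and ACLs that strip root DSE attributes from a successful search."""

    def __init__(self, versions=(3,), require_bind=False,
                 require_tls=False, hide_root_dse=False):
        self.versions = set(versions)
        self.require_bind = require_bind
        self.require_tls = require_tls
        self.hide_root_dse = hide_root_dse
        self.bound = False
        self.tls = False

    def start_tls(self):
        self.tls = True
        return SUCCESS

    def bind(self, version):
        """Anonymous Bind carrying the requested protocol version."""
        if self.require_tls and not self.tls:
            return CONFIDENTIALITY_REQUIRED
        if version not in self.versions:
            return PROTOCOL_ERROR  # Bind result for an unsupported version
        self.bound = True
        return SUCCESS

    def search_root_dse(self):
        """Base search of the root DSE. Returns (resultCode, attributes)."""
        if self.require_tls and not self.tls:
            return CONFIDENTIALITY_REQUIRED, {}
        if self.require_bind and not self.bound:
            return OPERATIONS_ERROR, {}  # server requires bind before search
        if self.hide_root_dse:
            return SUCCESS, {}  # ACL filters the attribute; search still succeeds
        versions = sorted(str(v) for v in self.versions)
        return SUCCESS, {"supportedLDAPVersion": versions}


def root_dse_versions(server, tls_capable=True):
    """Read supportedLDAPVersion from the root DSE if the server lets us.
    Returns a set of versions, or None when the attribute is unavailable."""
    rc, attrs = server.search_root_dse()
    if rc == CONFIDENTIALITY_REQUIRED and tls_capable:
        server.start_tls()
        rc, attrs = server.search_root_dse()
    if rc != SUCCESS or "supportedLDAPVersion" not in attrs:
        return None
    return {int(v) for v in attrs["supportedLDAPVersion"]}


def discover_version(server, tls_capable=True):
    """Negotiate the highest usable protocol version.

    The root DSE is consulted only as an ordering hint. The decision is made
    by the bind/failover method: Bind with v3, and on protocolError retry
    with v2. Any other Bind failure ends the probe. Returns the version that
    bound successfully, or None."""
    hint = root_dse_versions(server, tls_capable)
    preferred = [3, 2]
    if hint is not None:
        # Try advertised versions first, but keep the others as failover in
        # case the advertised list is stale or filtered.
        preferred = ([v for v in (3, 2) if v in hint]
                     + [v for v in (3, 2) if v not in hint])
    for version in preferred:
        rc = server.bind(version)
        if rc == CONFIDENTIALITY_REQUIRED and tls_capable:
            server.start_tls()
            rc = server.bind(version)
        if rc == SUCCESS:
            return version
        if rc != PROTOCOL_ERROR:
            return None  # policy failure, not a version mismatch
    return None


if __name__ == "__main__":
    # Constructed scenarios covering the behaviours named in the message.
    print("plain v3 server:", discover_version(Server()))
    print("ACL hides root DSE, v2 only:",
          discover_version(Server(versions=(2,), hide_root_dse=True)))
    print("bind required before search:",
          discover_version(Server(require_bind=True)))
    print("StartTLS required, client cannot:",
          discover_version(Server(require_tls=True), tls_capable=False))
```

The point the code makes is the one in the message: a client that only reads supportedLDAPVersion from the root DSE fails in three of the four scenarios above, while a client that falls back to Bind and handles protocolError works in all of them without the server having to guarantee the attribute.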