[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: I-D ACTION:draft-ietf-ldapbis-url-05.txt



And it can be marked critical using '!'?

-----Original Message-----
From: John McMeeking [mailto:jmcmeek@us.ibm.com]
Sent: Tuesday, 17 February 2004 23:43
To: Ramsay, Ron; ietf-ldapbis@OpenLDAP.org
Subject: RE: I-D ACTION:draft-ietf-ldapbis-url-05.txt






RFC 2255 defines a bindname extension; when using the URL, the client was
to authenticate to the server as the specified DN.  This is an example of
an URL extension that is not a LDAP control or extended request.


John  McMeeking


owner-ietf-ldapbis@OpenLDAP.org wrote on 02/17/2004 12:45:21 AM:

> I doubt they are LDAP URL Extensions as they are part of the base
> definition! I believe the only things you can put a '!' in front of
> are LDAP controls, so I stick with what I said.
>
> -----Original Message-----
> From: owner-ietf-ldapbis@OpenLDAP.org
> [mailto:owner-ietf-ldapbis@OpenLDAP.org]On Behalf Of Kurt D. Zeilenga
> Sent: Tuesday, 17 February 2004 17:23
> To: Mark Smith
> Cc: andrew.sciberras@adacel.com; howes@opsware.com;
> ietf-ldapbis@OpenLDAP.org
> Subject: Re: I-D ACTION:draft-ietf-ldapbis-url-05.txt
>
>
> At 03:05 PM 2/16/2004, Mark Smith wrote:
> >>>If an LDAP URL extension is recognised by an implementation, the
> >>>implementation MUST make use of it.
> >>What if you recognise it, but don't implement it?
> >>If it is not critical then I see no reason why the operation should not
> >>proceed.
> >
> >Kurt can probably explain this better than I can... but the goal is
> to be consistent the philopsophy used for LDAP controls in the
> Protocol document.
> >I think "recognized" implies "ability to use" an extension; that
> is, if an implementation recognizes an extension it is able to use it.
>
> I prefer "implement" here over "recognize".  Like a number of
> other protocol tokens, it is possible to "recognize" an
> token without actually implementing the syntax and semantics
> associated with that token.   For instance, a implementation
> could recognize the bindname extension but not implement it
> (maybe the implementation only supports the mandatory-to-implement
> authentication mechanism (e.g., DIGEST-MD5)).
>
> Ron asked:
> >Why are they called extensions and not controls?  It looks a bit
> misleading to me. (LDAP can be extended in a number of ways.)
>
> I think it would be misleading to call them LDAP URL Controls
> as they would confused with LDAP Controls.  LDAP URL Extensions
> are not necessarily LDAP Controls.
>
> Kurt
>
>
>
>