...>There is nothing in RFC2251 that suggests the current LDAPbis >interpretation is either intended or correct. Call me crazy, but I'd say >a behavior that is fundamentally useless doesn't belong in the spec. When I read RFC2251, I have to disagree.
"If the control is not appropriate for the operation and criticality field is TRUE, the server MUST NOT perform the operation, and MUST instead return the resultCode unsupportedCriticalExtension."
If "appropriate" means that the server found *any* reason in which the control causes the operation to fail, this says it should return unsupportedCriticalExtension (as opposed to something like insufficientAccessRights) for critical controls.
In your view, what would be the proper definition of "appropriate"? Or if that's too limiting, what would you like the criticality to mean?