
updated triggered search draft



This draft did not quite make it before the I-D deadline, so I am sending it
directly to the list as well.   It replaces the individual submission 
draft-wahl-ldapv3-trigger as this is now a work item of the LDAPEXT group.

Also I wanted to let you know that Critical Angle is now part of Innosoft.
Like us, Innosoft are very committed to the IETF process for developing 
application protocol standards, as evidenced by the work of Ned Freed, chair of
RECEIPT, co-author of MIME and many other SMTP-related drafts, and Chris 
Newman, chair and co-author of ACAP.

Mark Wahl, Directory Product Architect
Innosoft International Inc. / Critical Angle Inc.
Network Working Group                                            M. Wahl
Request for Comments: DRAFT                  Innosoft International Inc.
Expires in six months from                                March 16, 1998


	        LDAPv3 Triggered Search Result Control
		 <draft-ietf-ldapext-trigger-00.txt>

1. Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas, and its
   working groups.  Note that other groups may also distribute working
   documents as Internet-Drafts.
 
   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference material
   or to cite them other than as ``work in progress.''
 
   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

2. Abstract

   This document defines an LDAPv3 [2] control to be used on the Search
   Request to allow a client to retrieve information on changes which
   are made to the directory information tree held by that server.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
   this document are to be interpreted as described in RFC 2119 [1].

3. Control Definition

   A client may provide a control of a particular type when invoking
   a search request.  

   The controlType is "1.3.6.1.4.1.1466.29539.10", the criticality 
   field may be TRUE or FALSE, and the controlValue field is absent.

   To have an effect, the search request MUST have the baseObject
   field set to the name of the base of the server's change log [3],
   the scope MUST be either singleLevel or wholeSubtree, and the 
   size and time limits MUST both be 0.

   The server will return SearchResultEntry responses for all
   entries in the change log which match the client's search filter.
   However, the server will not return a SearchResultDone as it
   normally would.


Wahl                draft-ietf-ldapext-trigger-00.txt             [Page 1]

INTERNET-DRAFT       Triggered Search Result Control            March 1998
    
   Instead, the server will preserve the client's message id, search 
   filter and requested attribute list and associate it with the 
   client's connection.

   The server will only return the SearchResultDone if there is an error 
   condition (e.g. unwillingToPerform), and will not return the 
   SearchResultDone if the request was successful.

   So long as the connection to the client is open and the client does 
   not abandon the request or reuse the request message id, the server 
   will return additional SearchResultEntry responses as entries are 
   added to the change log.  These responses have the same message id as 
   the original request.

   The client may terminate the return of responses by abandoning the 
   request.
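
   The lifecycle described in this section, modelled in memory as an
   added example (not part of the draft or of any server's code).  The
   Server class, the change log base "cn=changelog" and the sample
   entries are assumptions; treating a request that misses the
   preconditions as an ordinary search is this example's reading of
   "to have an effect".

```python
from dataclasses import dataclass, field

TRIGGER_OID = "1.3.6.1.4.1.1466.29539.10"  # controlType from section 3
CHANGELOG_BASE = "cn=changelog"            # assumption: this server's change log base

@dataclass
class Server:
    """Toy model: the only data it holds is the change log itself."""
    log: list = field(default_factory=list)     # change log entries (dicts)
    active: dict = field(default_factory=dict)  # (conn, msgid) -> (filter, attrs)
    sent: list = field(default_factory=list)    # (conn, msgid, response, payload)

    def _entry(self, conn, msgid, entry, attrs):
        view = {a: entry[a] for a in attrs if a in entry}
        self.sent.append((conn, msgid, "SearchResultEntry", view))

    def search(self, conn, msgid, base, scope, size, time, flt, attrs, controls=()):
        self.active.pop((conn, msgid), None)    # a reused message id ends the old trigger
        triggered = (TRIGGER_OID in controls
                     and base.lower() == CHANGELOG_BASE
                     and scope in ("singleLevel", "wholeSubtree")
                     and size == 0 and time == 0)
        for e in self.log:                      # entries already in the change log
            if flt(e):
                self._entry(conn, msgid, e, attrs)
        if triggered:                           # keep state, send no SearchResultDone
            self.active[(conn, msgid)] = (flt, attrs)
        else:                                   # assumed: control has no effect
            self.sent.append((conn, msgid, "SearchResultDone", "success"))

    def log_change(self, entry):
        self.log.append(entry)
        for (conn, msgid), (flt, attrs) in self.active.items():
            if flt(entry):                      # same message id as the request
                self._entry(conn, msgid, entry, attrs)

    def abandon(self, conn, msgid):
        self.active.pop((conn, msgid), None)

    def close(self, conn):                      # state lives only as long as the connection
        for key in [k for k in self.active if k[0] == conn]:
            del self.active[key]
```

   Every accepted request leaves an entry in the active table until the
   client abandons it, reuses the message id, or the connection closes.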

4. Matching Rule

   A matching rule is defined to allow the client to request changes from
   only a particular portion of the tree.

   A server will advertise support for this matching rule by having the 
   following rule definition present in the subschema subentry governing
   the changelog.  (A client can determine the subschema subentry for the
   changelog by retrieving the attribute subschemaSubentry from the base 
   entry of the changelog.)

   ( 1.3.6.1.4.1.1466.29539.10.1 NAME 'dnSubordinateTo' 
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   An extensibleMatch filter will evaluate to TRUE for an entry to which
   the client has access if the matchingRule field is
   1.3.6.1.4.1.1466.29539.10.1, the type field is any attribute with DN
   syntax (1.3.6.1.4.1.1466.115.121.1.12), and the entry contains a value
   of that attribute which is the same as, or subordinate to, the DN in
   the matchValue field.
   
   For example, if a client presented the following filter:

   (targetDN:1.3.6.1.4.1.1466.29539.10.1:=dc=acme,dc=com) 

   the filter would evaluate as follows for the following values, 
   assuming the client had sufficient access rights to perform the 
   filtering:

   targetDn: dc=org                            FALSE
   targetDn: dc=com                            FALSE
   targetDn: dc=acme,dc=com                    TRUE
   targetDn: dc=www,dc=acme,dc=com             TRUE
   targetDn: cn=server,dc=www,dc=acme,dc=com   TRUE
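
   One way to evaluate this rule, as an added example (not code from
   the draft or from any server).  It compares DNs RDN by RDN rather
   than as strings; the function names and the three extra sample
   values are assumptions made for illustration.

```python
def split_rdns(dn):
    """Split a DN string on unescaped commas; backslash pairs stay intact."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # escaped character, never a separator
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    return rdns + [cur]

def normalize(rdn):
    # Simplification: values compared case-insensitively (true for dc, cn);
    # hex escapes and multi-valued RDNs ("+") are not canonicalised.
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), " ".join(value.lower().split())

def dn_subordinate_to(value, match_value):
    """TRUE when value equals match_value or lies beneath it in the tree."""
    v = [normalize(r) for r in split_rdns(value)]
    m = [normalize(r) for r in split_rdns(match_value)]
    return len(v) >= len(m) and v[len(v) - len(m):] == m

def evaluate(entry, attr_type, match_value):
    """Evaluate (attr_type:1.3.6.1.4.1.1466.29539.10.1:=match_value)."""
    for name, values in entry.items():
        if name.lower() == attr_type.lower():   # attribute names ignore case
            return any(dn_subordinate_to(v, match_value) for v in values)
    return False

def naive(value, match_value):
    return value.lower().endswith(match_value.lower())   # the tempting shortcut

# Constructed values: the five rows from the draft, then three edge cases.
SAMPLES = ["dc=org", "dc=com", "dc=acme,dc=com", "dc=www,dc=acme,dc=com",
           "cn=server,dc=www,dc=acme,dc=com", "DC=WWW, DC=Acme, DC=Com",
           "cn=x,adc=acme,dc=com", r"cn=a\,dc=acme,dc=com"]

def results(fn):
    return [fn(s, "dc=acme,dc=com") for s in SAMPLES]
```

   A plain string suffix test agrees on the draft's five rows but gets
   all three edge cases wrong, which matters wherever this rule is used
   to confine a client to one portion of the tree.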
 

5. Security Considerations

   The changes attribute of the change log entries should not be 
   generally readable.  The administrator will typically configure 
   specific users who are authorized to retrieve this attribute.
 
6. Bibliography

   [1] S. Bradner, "Key words for use in RFCs to Indicate Requirement
       Levels", RFC 2119.

   [2] "Lightweight Directory Access Protocol (v3)", RFC 2251.

   [3] "Definition of An Object Class to Hold LDAP Change Records",
       INTERNET DRAFT <draft-ietf-asid-changelog-01.txt>.

7. Author's Address

       Mark Wahl
       Innosoft International Inc.
       4815 West Braker Lane #502-385
       Austin, TX 78759
       USA

       Phone:  +1 512 372-3160
       EMail:  M.Wahl@critical-angle.com
























