Re: unsolicited controls (Was: I-DACTION:draft-weltman-ldapv3-auth-response-01.txt)

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 10:11 AM 2/9/00 -0800, David Boreham wrote:
>
>Examples ?

draft-weltman-ldapv3-auth-response-01.txt
draft-behera-ldap-password-policy-00.txt

I feel the client should be required to take some explicit
action before the returns any response not described by
the core specifications.  This act may be an explicit
request control, a control upon bind enabling the behavior
for the "session", an extended operation enabling the behavior,
or some other form of solicitation.

I feel a server should not respond with controls and/or
extended responses not detailed by the core specifications
without such solicitation.

That is, the client should
	1) discover what protocol extensions are supported by the server
	2) enable desired extensions

A server should:
	1) published supported extensions
	2) disable all extensions until enabled by the client