Re: unsolicited controls (Was: I-DACTION:draft-weltman-ldapv3-auth-response-01.txt)

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

RFC 2251, 4.4 (unsolicited notifications) says:
   It [an unsolicited notification] is used to signal an
   extraordinary condition in the server or in the connection
   between the client and the server

I believe the same should apply to unsolicited controls:
  An unsolicited response control is used to signal an
  extraordinary condition with the operation.

That is, the fact that an identity is authorized is by a
operation bind is quite ordinary and hence a client shouldn't
be notified of the identity unless explicitly requested.

Kurt


At 10:53 AM 2/9/00 -0800, Kurt D. Zeilenga wrote:
>At 10:11 AM 2/9/00 -0800, David Boreham wrote:
>>
>>Examples ?
>
>draft-weltman-ldapv3-auth-response-01.txt
>draft-behera-ldap-password-policy-00.txt
>
>I feel the client should be required to take some explicit
>action before the returns any response not described by
>the core specifications.  This act may be an explicit
>request control, a control upon bind enabling the behavior
>for the "session", an extended operation enabling the behavior,
>or some other form of solicitation.
>
>I feel a server should not respond with controls and/or
>extended responses not detailed by the core specifications
>without such solicitation.
>
>That is, the client should
>	1) discover what protocol extensions are supported by the server
>	2) enable desired extensions
>
>A server should:
>	1) published supported extensions
>	2) disable all extensions until enabled by the client
>
>
>