Re: Is CLDAP connectionless or not?



> I think the SASL debate actually evolves out of a deeper problem with the 
> CLDAP draft itself:
> 
> Is it a specification for running an LDAP session over UDP, or is it a 
> specification for running LDAP queries in connectionless mode?
> 

Both and none. In order to be able to use read with access-control you need,
as someone already pointed out, to be able to identify a session, defined by
a completed bind which does require something beyond what is provided in the
draft. For anonymous reads the situation is different.

You may not care about reordering of packets in a search response -- the 
searchResultDone packet might be uninteresting for an application where
results not returned within a very short time are dropped anyway -- or even, 
heaven forbid, about loss of packets in a search response. Some applications 
may care to get a reply back from modify-operations :-) This is imho best 
handled with a set of controls and/or exops. 

For instance if you really care about getting all your search responses in 
the right order you can either (sketching here so please forgive some 
handwaving) add a control with a sequence number or create an exop response 
which contained a SEQUENCE OF LDAP PDUs. Which is better? I don't know.
Does it absolutely have to go into this draft? I hope not :-)

> In the first case, the spec is incomplete; it needs to essentially rebuild 
> all of TCP's machinery in order to get reliably delivered requests and 
> responses.

Not all of it. Reordering may not be an issue, packet loss may not be an 
issue. An extra set of controls could be considered a tool for selecting which 
aspects of a full connection are interesting to the application. Having said 
that I absolutely agree that if we get close to finding ourselves implementing 
TCP in LDAP/UDP to get basic functionality the project must be dropped.

	Cheers Leif