
Re: comments: draft-weltman-ldapv3-proxy-05.txt



At 08:56 AM 11/1/00 -0800, Rob Weltman wrote:
>  I have taken into account your comments in a new draft which I will be submitting shortly. But there are a couple of points I disagree with (or don't fully understand). See below.


I look forward to your new draft.  Below is clarification which
may be useful.

>"Kurt D. Zeilenga" wrote:
>> 
>> The syntax of controlType should be LDAPOID and have
>> the value of the assigned OID.
>
>  That's part of the control spec of RFC 2251 (section 4.1.12), not something that can be defined by an individual control.

It's just your notation seems odd (incorrect) to me.

You say:
   proxyAuthControl ::= SEQUENCE {
           controlType     2.16.840.1.113730.3.4.12,
           criticality     BOOLEAN DEFAULT FALSE,
           controlValue    proxyAuthValue
   }

I believe you mean:
   proxyAuthControl is a Control [RFC2251] where the controlType
   value is "2.16.840.1.113730.3.4.12" and the controlValue is
   a BER encoded proxyAuthValue.

but what you said is different.

>> 
>> I suggest you add a statement that servers recognizing this
>> control MUST return an error if the control is not marked
>> as being critical.
>
>  The draft defines the syntax of the control, including the required criticality. I don't think this case is different from any others - the server should reject invalid syntax.

RFC 2251 specifically states when the unavailableCriticalExtension result
code should be returned.  In particular, if the control type is
recognized and is appropriate for the operation, the value MUST be
used regardless of the criticality field and, IMO, without regard to
the criticality field.  That is, if the server determines that the value
to be used is invalid, it should return some error indicating this.
This behavior should not be dependent on whether the control was
marked as critical or not.

>> "This means that fewer results, or no results, may be returned"
>> I assume you meant fewer entry and references responses, not
>> results.
>
>  Search results consist of entries and references.

This is a nit... but to clarify: A search request in a result.
This result consists of entries and references, and a done message.
When you say "fewer results", I don't read this as "fewer entries
and messages", hence my suggestion that you clarify.

Kurt
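
The control-handling decisions discussed in this thread, as an added example that is not part of the original message or of the draft. It covers only the recognized/unrecognized and criticality cases; the value check is a hypothetical stand-in (not the draft's proxyAuthValue decoding), protocolError as the error for a bad or non-critical control is an assumption, and the unrecognized OID in the usage is constructed.

```python
from typing import List, NamedTuple, Optional

SUCCESS = 0
PROTOCOL_ERROR = 2                    # assumption: error chosen for invalid controls
UNAVAILABLE_CRITICAL_EXTENSION = 12   # RFC 2251 resultCode

PROXY_AUTH_OID = "2.16.840.1.113730.3.4.12"  # OID quoted in the thread


class Control(NamedTuple):
    control_type: str
    criticality: bool = False          # BOOLEAN DEFAULT FALSE
    control_value: Optional[bytes] = None


def _value_ok(value: Optional[bytes]) -> bool:
    """Hypothetical validator: value must be present and decode as UTF-8."""
    if value is None:
        return False
    try:
        value.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


RECOGNIZED = {PROXY_AUTH_OID: _value_ok}   # controls this server understands
MUST_BE_CRITICAL = {PROXY_AUTH_OID}        # rule suggested in the thread


def check_controls(controls: List[Control], enforce_criticality: bool = True) -> int:
    """Return the result code a server would answer with before running the operation."""
    for c in controls:
        validator = RECOGNIZED.get(c.control_type)
        if validator is None:
            if c.criticality:
                return UNAVAILABLE_CRITICAL_EXTENSION  # unknown and critical: refuse
            continue                                   # unknown, non-critical: ignore
        # Recognized control: the suggested rule rejects it when not marked critical.
        if enforce_criticality and c.control_type in MUST_BE_CRITICAL and not c.criticality:
            return PROTOCOL_ERROR
        # The value is used, and so validated, whatever the criticality field says.
        if not validator(c.control_value):
            return PROTOCOL_ERROR
    return SUCCESS
```
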