[Date Prev][Date Next] [Chronological] [Thread] [Top]

[ldapext] noop control vs. non-modify operations

To: ldapext@ietf.org
Subject: [ldapext] noop control vs. non-modify operations
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Sun, 23 May 2004 20:29:25 +0200

draft-zeilenga-ldap-noop-04.txt says:
>  The control is appropriate for request messages of LDAP Add, Delete,
>  Modify and ModifyDN operations [RFC2251].

I don't remember if I have suggested this before, but the control could
be useful with other operations too:

- Bind:  Verify that the credentials are correct without actually
  changing the session's authorization ID or SASL layer, and without
  abandoning outstanding operations.  Probably the server SHOULD NOT
  wait for outstanding operations either.

- Operations in general:  Check if the server supports the operation
  (with the given parameters), or that it supports some control,
  or that the user has access to perform the operation.

The noop control spec would have to say that the operation has no
effect, not only that it has no effect _on the directory_.  It should
not affect SASL/TLS layers, bind DN, or anything else.  The control
would fail if it could not test the operation without such side effects.

noOperation would be returned instead of compareTrue and compareFalse as
well as instead of success.

BTW, 'no effect' may not be entirely possible, with or without my
suggestion.  For example, in a directory where each entry is stored in a
file, Add+noop might update the time of last access for the file, and
the server might support a way to read that time.

-- 
Hallvard

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

Follow-Ups:
- Re: [ldapext] noop control vs. non-modify operations
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: CDMA包月号大酬宾！
Next by Date: imagine if you had a diploma
Index(es):
- Chronological
- Thread