
Re: [ldapext] noop control vs. non-modify operations



At 11:29 AM 5/23/2004, Hallvard B Furuseth wrote:
>draft-zeilenga-ldap-noop-04.txt says:
>>  The control is appropriate for request messages of LDAP Add, Delete,
>>  Modify and ModifyDN operations [RFC2251].

I should also note that the control is appropriate for
extended requests of operations which update the directory,
such as the password modify extended operation [RFC3062].

>I don't remember if I have suggested this before, but the control could
>be useful with other operations too:
>
>- Bind:  Verify that the credentials are correct without actually
>  changing the session's authorization ID or SASL layer, and without
>  abandoning outstanding operations.  Probably the server SHOULD NOT
>  wait for outstanding operations either.

As engineering this functionality requires special
attention to security considerations (as it would extend
LDAP authentication capabilities), I believe it best that a
separate control be used to provide this functionality.
I note that there already exist controls, so-called "fast bind"
or "concurrent bind" controls, which do provide this kind
of functionality.

>- Operations in general:  Check if the server supports the operation
>  (with the given parameters), or that it supports some control,
>  or that the user has access to perform the operation.

While the control could, I guess, be used to discover feature
support, it is not intended to be used in that manner.

>BTW, 'no effect' may not be entirely possible, with or without my
>suggestion.  For example, in a directory where each entry is stored in a
>file, Add+noop might update the time of last access for the file, and
>the server might support a way to read that time.

I note that the I-D does not use the term 'no effect'.  And
while any access of the directory could be viewed as
having an effect upon the directory, I think the document
is reasonably clear on which effects this control
impacts.

Kurt 

