Re: [ldapext] noop control vs. non-modify operations
At 11:29 AM 5/23/2004, Hallvard B Furuseth wrote:
>draft-zeilenga-ldap-noop-04.txt says:
>> The control is appropriate for request messages of LDAP Add, Delete,
>> Modify and ModifyDN operations [RFC2251].
I should also note that the control is appropriate for
extended requests of operations which update the directory,
such as the password modify extended operation [RFC3062].
>I don't remember if I have suggested this before, but the control could
>be useful with other operations too:
>
>- Bind: Verify that the credentials are correct without actually
> changing the session's authorization ID or SASL layer, and without
> abandoning outstanding operations. Probably the server SHOULD NOT
> wait for outstanding operations either.
As engineering this functionality requires special
attention to security considerations (as it would extend
LDAP authentication capabilities), I believe it best that a
separate control be used to provide this functionality.
I note that there already exist controls, so-called "fast bind"
or "concurrent bind" controls, which do provide this kind
of functionality.
>- Operations in general: Check if the server supports the operation
> (with the given parameters), or that it supports some control,
> or that the user has access to perform the operation.
While the control could, I guess, be used to discover feature
support, it is not intended to be used in that manner.
>BTW, 'no effect' may not be entirely possible, with or without my
>suggestion. For example, in a directory where each entry is stored in a
>file, Add+noop might update the time of last access for the file, and
>the server might support a way to read that time.
I note that the I-D does not use the term 'no effect'. And
while any access of the directory could be viewed as
having an effect upon the directory, I think the document
is reasonably clear on which effects this control
impacts.
Kurt
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext