
Re: [ldapext] noop control vs. non-modify operations



Kurt D. Zeilenga writes:
>At 11:29 AM 5/23/2004, Hallvard B Furuseth wrote:
>> draft-zeilenga-ldap-noop-04.txt says:
>>>  The control is appropriate for request messages of LDAP Add, Delete,
>>>  Modify and ModifyDN operations [RFC2251].
>> (...)
>> I don't remember if I have suggested this before, but the control could
>> be useful with other operations too:
>>
>> - Bind:  Verify that the credentials are correct without actually
>>   changing the session's authorization ID or SASL layer, and without
>>   abandoning outstanding operations.  Probably the server SHOULD NOT
>>   wait for outstanding operations either.
> 
> As engineering this functionality requires special
> attention to security considerations (as it would extend
> LDAP authentication capabilities), I believe it best that a
> separate control be used to provide this functionality.

Good point.

> I note that there already exist controls, so-called "fast bind"
> or "concurrent bind" controls, which do provide this kind
> of functionality.

Pity they don't seem to be RFC'ed then.  Do you know of some such specs
or implementations that seem reasonable, and whose owners might accept
to have them RFC'ed?  I might find time to do that, and an OpenLDAP
reference implementation, sometime this year:-)

>> BTW, 'no effect' may not be entirely possible, with or without my
>> suggestion.  (...)
> 
> I note that the I-D does not use the term 'no effect'.

No, I did.  I was just noting that some wordsmithing or deeper work
would be needed with my suggestions, if they were accepted.

-- 
Hallvard
