[Date Prev][Date Next] [Chronological] [Thread] [Top]

[ldapext] Re: draft-zeilenga-ldap-readentry-03.txt

To: andrew.sciberras@eB2Bcom.com
Subject: [ldapext] Re: draft-zeilenga-ldap-readentry-03.txt
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 26 Oct 2004 16:05:05 -0700
Cc: Ldapext <ldapext@ietf.org>
In-reply-to: <417ED549.2080203@eB2Bcom.com>
References: <417ED549.2080203@eB2Bcom.com>

At 03:52 PM 10/26/2004, Andrew Sciberras wrote:
>Now, the last thing I want to do is get into a discussion about the criticality of controls, since we've been over this a number of times. However, two statements exist which leave me puzzled:
>
>"The normal processing of the update operation and the processing of
>this control MUST be performed as one atomic action isolated from
>other update operations."
>
>"The criticality may be TRUE or FALSE."
>
>
>So, the operation MUST be atomic and the control may have a criticality of FALSE.
>What would happen if a DSA received a modifyRequest with a controlType whose value is IANA-ASSIGNED-OID.1 and a controlValue of an empty OCTET STRING and a criticality of FALSE?
>The DSA:
>        * recognizes the control (and supports it),

and, if its appropriate for the request, "the server
will make use of the control when performing the operation."

>        * is aware of the atomic nature of this request,
>        * cannot decode the controlValue
>        * Can rightfully ignore the control since it's not critical

IMO, the server cannot rightfully ignore the control regardless
of its criticality.

>Does the DSA fail the operation (for atomic reasons) or proceed (based on the criticality)?

Fail.  Assuming the decode problem is due to violation of
the control's technical specification, protocolError would
likely be the most appropriate code to return.  There are,
of course, numerous other ways the server could fail to
decode the controlValue or be otherwise not willing or
able to perform the operation.  Whatever the case, the
server should fail the operation and return an appropriate
error code.

>I don't know the right answer... but would be inclined to state that this control should not change the LDAP semantics of the criticality field of the control and therefore continue processing.

I would argue that control semantics (as defined by
RFC 2251) are that the value of the criticality field
are irrelevant in this case as "the server recognizes
the control type and it is appropriate for the operation"
and hence is obligated to "make use of the control when
performing the operation" (or fail the operation).

Kurt 

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

References:
- [ldapext] draft-zeilenga-ldap-readentry-03.txt
  - From: Andrew Sciberras <andrew.sciberras@eB2Bcom.com>

Prev by Date: [ldapext] draft-zeilenga-ldap-readentry-03.txt
Next by Date: Re: [ldapext] Re: Password Policy for LDAP Directories
Index(es):
- Chronological
- Thread