[ldapext] comment control, dummy request, no-response request



"Comment" control:

It can be useful to attach a comment to an LDAP request.
The intent would be to log the comment with the request in
the server log, to help analyze the logs.

Does a spec for such a control exist?  If not I'd like to
define and implement it.

I'm not sure how to define the controlValue, though.  Usually an
LDAPString would be natural, but sometimes one may want to attach data
with no defined or known character set.  So a plain OCTET STRING might
be better, to be interpreted at the server admin's discretion.
Or one could mix both to make pretty logging a bit simpler in the
case it is a UTF-8 string:

   CHOICE {
     text    [0] LDAPString,
     octets  OCTET STRING,
     ...
   }


"Dummy" extended operation:

Has anyone defined a dummy extended operation, which does nothing except
whatever the attached extensions say?  If not, would anyone else like to
see it defined?

A client can want to issue a request solely for the sake of the attached
controls.  To enter a note in the log with the "comment" control.  To
test if the currently bound user can proxy for a given authorization ID
with the Proxy Authorization Control (draft-weltman-ldapv3-proxy-12.txt).
To use the "assert" control (draft-zeilenga-ldap-assert-05.txt) if one
wants to check an entry against a filter and the compare operation is
insufficient.  Using "assert" instead of baseobject search avoids one
returned PDU.  I suppose such an operation could at times also be useful
to keep the server from timing out the LDAP connection.

ExtendedRequest.requestValue, if present, would be an LDAPDN packed in
the requestValue OCTET STRING, so that controls that act on a DN will
know which DN to act on.


"No-response, dummy" operation:

This one is pretty marginal.  I could define such an operation too if
anyone feels a need for it, but otherwise I won't bother.

For use with the comment control, it could be convenient with a dummy
operation which did not return a response.  I can't think of other
instances to desire a dummy no-response operation at the moment.

ExtendedRequest does not support no-response operations.  One could
define a new request type, or fake it with abandon of an unused message
ID (e.g. msgID 0), or define a critical control which cancels the effect
of Abandon.  Kurt's "noop" control could be extended to be used with
Abandon, but that would probably only be useful with no-effect controls
like "comment".  So that usage seems even more marginal.


Comments?

-- 
Hallvard

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
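
Added example, not part of the original message: a sketch of how a server could decode the proposed comment controlValue CHOICE and write it to its log as one field, given that the value is client-controlled. It assumes IMPLICIT tagging (text [0] LDAPString as tag 0x80, octets as 0x04); the function names, the 256-unit cap and the comment= / comment-hex= field names are hypothetical.

```python
# Added example: BER-encode/decode the proposed comment controlValue, then log it safely.
# Assumption: IMPLICIT tags, so text [0] LDAPString is 0x80 and octets is 0x04.
TAG_TEXT, TAG_OCTETS = 0x80, 0x04
MAX_LOGGED = 256  # assumed server-side cap per comment, not from the post

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode_comment(value):
    """str selects the text alternative, bytes the octets alternative."""
    tag, raw = (TAG_TEXT, value.encode("utf-8")) if isinstance(value, str) else (TAG_OCTETS, bytes(value))
    return bytes([tag]) + ber_len(len(raw)) + raw

def decode_comment(buf):
    """Return (tag, content); reject unknown tags, truncation and trailing bytes."""
    if len(buf) < 2 or buf[0] not in (TAG_TEXT, TAG_OCTETS):
        raise ValueError("not a comment controlValue")
    pos, length = 2, buf[1]
    if length >= 0x80:
        n = length & 0x7F
        if n == 0 or n > 4 or len(buf) < 2 + n:
            raise ValueError("bad BER length")
        length, pos = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    if len(buf) - pos != length:
        raise ValueError("length does not match content")
    return buf[0], buf[pos:]

def escape_char(c):
    """Escape quotes, backslashes and anything non-printable (CR, LF, ESC, ...)."""
    if c in '"\\':
        return "\\" + c
    return c if c.isprintable() else c.encode("unicode_escape").decode("ascii")

def log_field(buf):
    """Render the comment as a single log field that cannot span or forge lines."""
    tag, content = decode_comment(buf)
    if tag == TAG_TEXT:
        try:
            text = content.decode("utf-8")
        except UnicodeDecodeError:
            text = None  # mislabelled text: fall back to hex
        if text is not None:
            return 'comment="%s"' % "".join(escape_char(c) for c in text[:MAX_LOGGED])
    return "comment-hex=" + content[:MAX_LOGGED].hex()
```

The octets alternative is always hex-encoded, which matches the post's point that such data has no known character set and is left to the server admin to interpret.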