[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] password policy response control question
John McMeeking wrote:
What response should the server send if there are no password policy
warnings or errors to report?
I've heard several answers proposed on my team, along with arguments for
and against:
1. Do not send a password policy response control.
2. Send a response control with no value.
3. Send a response control where the value consists of an empty sequence.
The OpenLDAP implementation does (3). If I were writing a client, I'm
not sure I'd care. For an unsupported control, you would get a specific
error already. So, absent that error, I would assume all's well.
The draft says that responses are sent "when appropriate", and there is
a general rule that protocols shouldn't be unnecessarily "chatty". Not
sending a response fits both those criteria, but some have argued that
not sending this control should be interpreted as meaning the server
does not support the control (perhaps the control is not supported with
a particular naming context) . Control values are optional for LDAP
controls in general. The draft doesn't say the response MUST be sent
with a control value; neither does it state any condition under which
the server would send a response control without a warning or error.
The converse of the question might be: What should a client expect as
normal responses?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext