Re: [ldapext] password policy response control question

[Howard Chu <hyc@highlandsun.com>]

John McMeeking wrote:
> What response should the server send if there are no password policy 
> warnings or errors to report?
>
> I've heard several answers proposed on my team, along with arguments for 
> and against:
>
> 1.  Do not send a password policy response control.
> 2.  Send a response control with no value.
> 3.  Send a response control where the value consists of an empty sequence.

The OpenLDAP implementation does (3). If I were writing a client, I'm 
not sure I'd care. For an unsupported control, you would get a specific 
error already. So, absent that error, I would assume all's well.

> The draft says that responses are sent "when appropriate", and there is 
> a general rule that protocols shouldn't be unnecessarily "chatty".  Not 
> sending a response fits both those criteria, but some have argued that 
> not sending this control should be interpreted as meaning the server 
> does not support the control (perhaps the control is not supported with 
> a particular naming context) .  Control values are optional for LDAP 
> controls in general.  The draft doesn't say the response MUST be sent 
> with a control value; neither does it state any condition under which 
> the server would send a response control without a warning or error.
>
> The converse of the question might be:  What should a client expect as 
> normal responses?
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext